534500x8000000000000000167623Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:44:47.033{5ab40fd1-299c-68ee-1722-000000003a02}8784C:\Users\Administrator\Downloads\PSTools\Recon\psloglist.exeAR-WIN-1\Administrator 13241300x8000000000000000167622Microsoft-Windows-Sysmon/Operationalar-win-1Alert,Sysinternals Tool UsedSetValue2025-10-14 10:44:45.568{5ab40fd1-299c-68ee-1722-000000003a02}8784C:\Users\Administrator\Downloads\PSTools\Recon\psloglist.exeHKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Sysinternals\PsLoglist\EulaAcceptedDWORD (0x00000001)AR-WIN-1\Administrator 154100x8000000000000000167621Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:44:44.824{5ab40fd1-299c-68ee-1722-000000003a02}8784C:\Users\Administrator\Downloads\PSTools\Recon\psloglist.exe2.82local and remote event log viewerSysinternals PsLogListSysinternals - www.sysinternals.compsloglist.exepsloglistC:\Users\Administrator\Downloads\PSTools\Recon\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=4F7F8D6C8B22EB5C0C35B29210E2127C,SHA256=DCDB9BD39B6014434190A9949DEDF633726FDB470E95CC47CDAA47C1964B969F,IMPHASH=BC7573D2C2E264BBDEB092984C5474F4{5ab40fd1-16fb-68ed-8104-000000003a02}3840C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-1\Administrator 534500x8000000000000000167535Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:33:17.038{5ab40fd1-26dc-68ee-c921-000000003a02}8472C:\Users\Administrator\Downloads\PSTools\PsService.exeAR-WIN-1\Administrator 13241300x8000000000000000167527Microsoft-Windows-Sysmon/Operationalar-win-1Alert,Sysinternals Tool UsedSetValue2025-10-14 10:33:01.142{5ab40fd1-26dc-68ee-c921-000000003a02}8472C:\Users\Administrator\Downloads\PSTools\PsService.exeHKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Sysinternals\PsService\EulaAcceptedDWORD (0x00000001)AR-WIN-1\Administrator 154100x8000000000000000167526Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:33:00.338{5ab40fd1-26dc-68ee-c921-000000003a02}8472C:\Users\Administrator\Downloads\PSTools\PsService.exe2.26Service information and configuration utilitySysinternals psserviceSysinternals - www.sysinternals.compsservice.exePsService.exeC:\Users\Administrator\Downloads\PSTools\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=136F9205A5945681EC470B8461DFEE5F,SHA256=D3A816FE5D545A80E4639B34B90D92D1039EB71EF59E6E81B3C0E043A45B751C,IMPHASH=AAA7D15D37857E2F934DA45595B8B029{5ab40fd1-16fb-68ed-8104-000000003a02}3840C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-1\Administrator 534500x8000000000000000167525Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:32:53.413{5ab40fd1-26d4-68ee-c821-000000003a02}3720C:\Users\Administrator\Downloads\PSTools\pslist.exeAR-WIN-1\Administrator 13241300x8000000000000000167524Microsoft-Windows-Sysmon/Operationalar-win-1Alert,Sysinternals Tool UsedSetValue2025-10-14 10:32:52.956{5ab40fd1-26d4-68ee-c821-000000003a02}3720C:\Users\Administrator\Downloads\PSTools\pslist.exeHKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Sysinternals\PsList\EulaAcceptedDWORD (0x00000001)AR-WIN-1\Administrator 13241300x8000000000000000167523Microsoft-Windows-Sysmon/Operationalar-win-1Alert,Sysinternals Tool UsedSetValue2025-10-14 10:32:52.956{5ab40fd1-26d4-68ee-c821-000000003a02}3720C:\Users\Administrator\Downloads\PSTools\pslist.exeHKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Sysinternals\PsList\EulaAcceptedDWORD (0x00000001)AR-WIN-1\Administrator 154100x8000000000000000167522Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:32:52.418{5ab40fd1-26d4-68ee-c821-000000003a02}3720C:\Users\Administrator\Downloads\PSTools\pslist.exe1.41Process information listerSysinternals PsListSysinternals - www.sysinternals.compslist.exepslistC:\Users\Administrator\Downloads\PSTools\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=6C08BAE0981841E0CD22FF0F0E8F7510,SHA256=ED05F5D462767B3986583188000143F0EB24F7D89605523A28950E72E6B9039A,IMPHASH=5C2AB5C01A2C8EE5199F1A7F701340EE{5ab40fd1-16fb-68ed-8104-000000003a02}3840C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-1\Administrator 534500x8000000000000000167520Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:32:44.751{5ab40fd1-26cb-68ee-c521-000000003a02}2424C:\Users\Administrator\Downloads\PSTools\PsInfo.exeAR-WIN-1\Administrator 13241300x8000000000000000167518Microsoft-Windows-Sysmon/Operationalar-win-1Alert,Sysinternals Tool UsedSetValue2025-10-14 10:32:44.123{5ab40fd1-26cb-68ee-c521-000000003a02}2424C:\Users\Administrator\Downloads\PSTools\PsInfo.exeHKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Sysinternals\PsInfo\EulaAcceptedDWORD (0x00000001)AR-WIN-1\Administrator 154100x8000000000000000167517Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:32:43.486{5ab40fd1-26cb-68ee-c521-000000003a02}2424C:\Users\Administrator\Downloads\PSTools\PsInfo.exe1.79Local and remote system information viewerSysinternals PsInfoSysinternals - www.sysinternals.comPsinfo.exepsinfoC:\Users\Administrator\Downloads\PSTools\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=2691D7F266050E6849793D4B6661DDDF,SHA256=951B1B5FD5CB13CDE159CEBC7C60465587E2061363D1D8847AB78B6C4FBA7501,IMPHASH=AD3D06F92D53781231ED31D7B11968C0{5ab40fd1-16fb-68ed-8104-000000003a02}3840C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-1\Administrator 534500x8000000000000000167516Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:32:37.441{5ab40fd1-26c4-68ee-c421-000000003a02}8488C:\Users\Administrator\Downloads\PSTools\PsGetsid.exeAR-WIN-1\Administrator 13241300x8000000000000000167515Microsoft-Windows-Sysmon/Operationalar-win-1Alert,Sysinternals Tool UsedSetValue2025-10-14 10:32:37.409{5ab40fd1-26c4-68ee-c421-000000003a02}8488C:\Users\Administrator\Downloads\PSTools\PsGetsid.exeHKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Sysinternals\PsGetSid\EulaAcceptedDWORD (0x00000001)AR-WIN-1\Administrator 154100x8000000000000000167514Microsoft-Windows-Sysmon/Operationalar-win-1-2025-10-14 10:32:36.534{5ab40fd1-26c4-68ee-c421-000000003a02}8488C:\Users\Administrator\Downloads\PSTools\PsGetsid.exe1.46Translates SIDs to names and vice versaSysinternals PsGetSidSysinternals - www.sysinternals.comPsGetSid.exePsGetsid.exeC:\Users\Administrator\Downloads\PSTools\AR-WIN-1\Administrator{5ab40fd1-15fa-68ed-0a4b-5b0000000000}0x5b4b0a2HighMD5=3D4112B92A8285D8661BBC29125BDBF5,SHA256=A48AC157609888471BF8578FB8B2AEF6B0068F7E0742FCCF2E0E288B0B2CFDFB,IMPHASH=9DCE7B925F437CDFFE96B118CF300138{5ab40fd1-16fb-68ed-8104-000000003a02}3840C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-1\Administrator 11241100x8000000000000000167501Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.787{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsService64.exe2025-10-14 10:32:08.786AR-WIN-1\Administrator 11241100x8000000000000000167500Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.778{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsService.exe2025-10-14 10:32:08.777AR-WIN-1\Administrator 11241100x8000000000000000167497Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.763{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\psloglist64.exe2025-10-14 10:32:08.763AR-WIN-1\Administrator 11241100x8000000000000000167496Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.758{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\psloglist.exe2025-10-14 10:32:08.757AR-WIN-1\Administrator 11241100x8000000000000000167495Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.746{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\pslist64.exe2025-10-14 10:32:08.746AR-WIN-1\Administrator 11241100x8000000000000000167494Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.742{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\pslist.exe2025-10-14 10:32:08.742AR-WIN-1\Administrator 11241100x8000000000000000167491Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.720{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsInfo64.exe2025-10-14 10:32:08.720AR-WIN-1\Administrator 11241100x8000000000000000167490Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.711{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsInfo.exe2025-10-14 10:32:08.711AR-WIN-1\Administrator 11241100x8000000000000000167489Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.703{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsGetsid64.exe2025-10-14 10:32:08.702AR-WIN-1\Administrator 11241100x8000000000000000167488Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.695{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsGetsid.exe2025-10-14 10:32:08.695AR-WIN-1\Administrator 11241100x8000000000000000167483Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.651{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\psping64.exe2025-10-14 10:32:08.651AR-WIN-1\Administrator 11241100x8000000000000000167482Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.645{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\psping.exe2025-10-14 10:32:08.645AR-WIN-1\Administrator 11241100x8000000000000000167481Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.642{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsLoggedon64.exe2025-10-14 10:32:08.641AR-WIN-1\Administrator 11241100x8000000000000000167480Microsoft-Windows-Sysmon/Operationalar-win-1Downloads2025-10-14 10:32:08.638{5ab40fd1-26a8-68ee-c121-000000003a02}4992C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\PSTools\PsLoggedon.exe2025-10-14 10:32:08.638AR-WIN-1\Administrator