154100x80000000000000005060Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:21:11.200{62e4af84-1847-6735-110f-00000000f601}5644C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-1847-6735-100f-00000000f601}864C:\Users\ADMINI~1\AppData\Local\Temp\2\BitLockerInjectionTest2.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\BitLockerInjectionTest2.exeAR-WIN-5\Administrator 154100x80000000000000005043Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:20:02.488{62e4af84-1802-6735-040f-00000000f601}3920C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-1802-6735-030f-00000000f601}4372C:\Users\ADMINI~1\AppData\Local\Temp\2\BitLockerInjectionTest2.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\BitLockerInjectionTest2.exeAR-WIN-5\Administrator 154100x80000000000000005024Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:19:16.420{62e4af84-17d4-6735-f10e-00000000f601}880C:\Windows\System32\taskkill.exe10.0.20348.1 (WinBuild.160101.0800)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exetaskkill /F /IM BitLockerToGo.exe C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=B0FB1B2E809144C5E768F70898D64A69,SHA256=81E9649B317DE9243BF7F34E436E86159BA267D86349FA47EFDB71DDE2FC7BC5,IMPHASH=86AA9A65A9C8E606B1E09C96AE58BACC{62e4af84-17d4-6735-ef0e-00000000f601}4252C:\Windows\System32\cmd.exe"cmd.exe" /c taskkill /F /IM BitLockerToGo.exe >nul 2>&1 & del %temp%\T1055.exe /f >nul 2>&1AR-WIN-5\Administrator 154100x80000000000000005023Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:19:16.398{62e4af84-17d4-6735-ef0e-00000000f601}4252C:\Windows\System32\cmd.exe10.0.20348.2520 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c taskkill /F /IM BitLockerToGo.exe >nul 2>&1 & del %%temp%%\T1055.exe /f >nul 2>&1C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=503EE109CE5CAC4BD61084CB28FBD200,SHA256=54724F38FF2F85C3FF91DE434895668B6F39008FC205A668AB6AAFAD6FB4D93D,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{62e4af84-e0ff-6734-5b08-00000000f601}3524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-5\Administrator 154100x80000000000000004996Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:15:08.066{62e4af84-16dc-6735-d30e-00000000f601}6280C:\Windows\System32\taskkill.exe10.0.20348.1 (WinBuild.160101.0800)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exetaskkill /F /IM BitLockerToGo.exe C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=B0FB1B2E809144C5E768F70898D64A69,SHA256=81E9649B317DE9243BF7F34E436E86159BA267D86349FA47EFDB71DDE2FC7BC5,IMPHASH=86AA9A65A9C8E606B1E09C96AE58BACC{62e4af84-16dc-6735-d10e-00000000f601}2356C:\Windows\System32\cmd.exe"cmd.exe" /c taskkill /F /IM BitLockerToGo.exe >nul 2>&1 & del %temp%\BitLockerInjectionTest.exe /f >nul 2>&1AR-WIN-5\Administrator 154100x80000000000000004995Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:15:08.044{62e4af84-16dc-6735-d10e-00000000f601}2356C:\Windows\System32\cmd.exe10.0.20348.2520 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c taskkill /F /IM BitLockerToGo.exe >nul 2>&1 & del %%temp%%\BitLockerInjectionTest.exe /f >nul 2>&1C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=503EE109CE5CAC4BD61084CB28FBD200,SHA256=54724F38FF2F85C3FF91DE434895668B6F39008FC205A668AB6AAFAD6FB4D93D,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{62e4af84-e0ff-6734-5b08-00000000f601}3524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-5\Administrator 154100x80000000000000004984Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:13:58.005{62e4af84-1696-6735-c60e-00000000f601}1536C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-1695-6735-c50e-00000000f601}6012C:\Users\ADMINI~1\AppData\Local\Temp\2\BitLockerInjectionTest.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\BitLockerInjectionTest.exeAR-WIN-5\Administrator 154100x80000000000000004947Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:11:22.785{62e4af84-15fa-6735-9e0e-00000000f601}2640C:\Windows\System32\taskkill.exe10.0.20348.1 (WinBuild.160101.0800)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exetaskkill /F /IM BitLockerToGo.exe C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=B0FB1B2E809144C5E768F70898D64A69,SHA256=81E9649B317DE9243BF7F34E436E86159BA267D86349FA47EFDB71DDE2FC7BC5,IMPHASH=86AA9A65A9C8E606B1E09C96AE58BACC{62e4af84-15fa-6735-9c0e-00000000f601}6892C:\Windows\System32\cmd.exe"cmd.exe" /c taskkill /F /IM BitLockerToGo.exe >nul 2>&1 & del %temp%\BitLockerInjectionTest.exe /f >nul 2>&1AR-WIN-5\Administrator 154100x80000000000000004946Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:11:22.762{62e4af84-15fa-6735-9c0e-00000000f601}6892C:\Windows\System32\cmd.exe10.0.20348.2520 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c taskkill /F /IM BitLockerToGo.exe >nul 2>&1 & del %%temp%%\BitLockerInjectionTest.exe /f >nul 2>&1C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=503EE109CE5CAC4BD61084CB28FBD200,SHA256=54724F38FF2F85C3FF91DE434895668B6F39008FC205A668AB6AAFAD6FB4D93D,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{62e4af84-e0ff-6734-5b08-00000000f601}3524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-5\Administrator 824800x80000000000000004937Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 21:10:03.013{62e4af84-15aa-6735-940e-00000000f601}4284C:\Windows\Temp\BitLockerInjectionTest.exe{62e4af84-ebbf-6734-010a-00000000f601}6364C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe26560x0000000000790000--AR-WIN-5\AdministratorAR-WIN-5\Administrator 22542200x80000000000000003761Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.309{62e4af84-ebbf-6734-010a-00000000f601}6364steamcommunity.com0::ffff:104.68.104.163;C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003760Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.307{62e4af84-ebbf-6734-010a-00000000f601}6364caffegclasiqwp.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003759Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.306{62e4af84-ebbf-6734-010a-00000000f601}6364stamppreewntnq.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003758Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.304{62e4af84-ebbf-6734-010a-00000000f601}6364stagedchheiqwo.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003757Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.303{62e4af84-ebbf-6734-010a-00000000f601}6364millyscroqwp.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003756Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.302{62e4af84-ebbf-6734-010a-00000000f601}6364evoliutwoqm.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003755Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.300{62e4af84-ebbf-6734-010a-00000000f601}6364condedqpwqm.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003754Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.299{62e4af84-ebbf-6734-010a-00000000f601}6364traineiwnqo.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003753Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.297{62e4af84-ebbf-6734-010a-00000000f601}6364locatedblsoqp.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 22542200x80000000000000003752Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:13.295{62e4af84-ebbf-6734-010a-00000000f601}6364timetabledffiewi.shop9003-C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAR-WIN-5\Administrator 154100x80000000000000003750Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:11:11.853{62e4af84-ebbf-6734-010a-00000000f601}6364C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"C:\Users\Administrator\Desktop\19892142129\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-ebba-6734-000a-00000000f601}2524C:\Users\Administrator\Desktop\19892142129\setuplumma.exe"C:\Users\Administrator\Desktop\19892142129\setuplumma.exe" AR-WIN-5\Administrator 13241300x80000000000000003745Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localInvDB-PathSetValue2024-11-13 18:11:00.261{62e4af84-e0ee-6734-3e08-00000000f601}2648C:\Windows\system32\svchost.exe\REGISTRY\A\{4aa0513b-449a-c089-161a-881d71d1aee2}\Root\InventoryApplicationFile\bitlockertogo.ex|c1b4f2774b651aad\LowerCaseLongPathc:\windows\bitlockerdiscoveryvolumecontents\bitlockertogo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003744Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localInvDBSetValue2024-11-13 18:11:00.261{62e4af84-e0ee-6734-3e08-00000000f601}2648C:\Windows\system32\svchost.exeHKU\S-1-5-21-1731938146-2314223186-1848411941-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeBinary DataNT AUTHORITY\SYSTEM 13241300x80000000000000003743Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localInvDBSetValue2024-11-13 18:10:58.246{62e4af84-e0ee-6734-3e08-00000000f601}2648C:\Windows\system32\svchost.exeHKU\S-1-5-21-1731938146-2314223186-1848411941-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeBinary DataNT AUTHORITY\SYSTEM 154100x80000000000000003742Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 18:10:58.243{62e4af84-ebb2-6734-ff09-00000000f601}7012C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" C:\Windows\BitLockerDiscoveryVolumeContents\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-e0ed-6734-2f08-00000000f601}4172C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-5\Administrator 11241100x80000000000000003741Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localEXE2024-11-13 18:10:56.340{62e4af84-e0ed-6734-2f08-00000000f601}4172C:\Windows\Explorer.EXEC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2024-11-13 18:10:56.340AR-WIN-5\Administrator 534500x80000000000000003553Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 17:47:44.573{62e4af84-e640-6734-6609-00000000f601}5912C:\Users\Administrator\Desktop\BitLockerToGo.exeAR-WIN-5\Administrator 154100x80000000000000003552Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 17:47:44.568{62e4af84-e640-6734-6609-00000000f601}5912C:\Users\Administrator\Desktop\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Users\Administrator\Desktop\BitLockerToGo.exe"C:\Users\Administrator\Desktop\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-e0ff-6734-5b08-00000000f601}3524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-5\Administrator 13241300x80000000000000003548Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localInvDB-PathSetValue2024-11-13 17:47:36.730{62e4af84-e0ee-6734-3e08-00000000f601}2648C:\Windows\system32\svchost.exe\REGISTRY\A\{4aa0513b-449a-c089-161a-881d71d1aee2}\Root\InventoryApplicationFile\bitlockertogo.ex|a4a70b69454e4546\LowerCaseLongPathc:\users\administrator\desktop\bitlockertogo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003547Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localInvDBSetValue2024-11-13 17:47:36.730{62e4af84-e0ee-6734-3e08-00000000f601}2648C:\Windows\system32\svchost.exeHKU\S-1-5-21-1731938146-2314223186-1848411941-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Desktop\BitLockerToGo.exeBinary DataNT AUTHORITY\SYSTEM 534500x80000000000000003546Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 17:47:34.730{62e4af84-e636-6734-6509-00000000f601}4452C:\Users\Administrator\Desktop\BitLockerToGo.exeAR-WIN-5\Administrator 13241300x80000000000000003545Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localInvDBSetValue2024-11-13 17:47:34.667{62e4af84-e0ee-6734-3e08-00000000f601}2648C:\Windows\system32\svchost.exeHKU\S-1-5-21-1731938146-2314223186-1848411941-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Desktop\BitLockerToGo.exeBinary DataNT AUTHORITY\SYSTEM 154100x80000000000000003544Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.local-2024-11-13 17:47:34.657{62e4af84-e636-6734-6509-00000000f601}4452C:\Users\Administrator\Desktop\BitLockerToGo.exe10.0.22621.4111 (WinBuild.160101.0800)BitLocker To Go ReaderMicrosoft® Windows® Operating SystemMicrosoft CorporationBITLOCKERTOGO.EXE"C:\Users\Administrator\Desktop\BitLockerToGo.exe" C:\Users\Administrator\Desktop\AR-WIN-5\Administrator{62e4af84-e0ec-6734-4fe4-310000000000}0x31e44f2HighMD5=3D380D2C670B1602F7F35E91124F2C96,SHA256=E2AE6CB0CC4A23ACFA1DF1EFA845813CD0F940DB5DE080590F4BE89651467243,IMPHASH=99F578D87C29DA248E71CD2C7CB536EA{62e4af84-e0ed-6734-2f08-00000000f601}4172C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-5\Administrator 11241100x80000000000000003541Microsoft-Windows-Sysmon/Operationalar-win-5.attackrange.localEXE2024-11-13 17:47:32.277{62e4af84-e0ed-6734-2f08-00000000f601}4172C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\BitLockerToGo.exe2024-11-13 17:47:32.277AR-WIN-5\Administrator