154100x8000000000000000484889Microsoft-Windows-Sysmon/Operationalar-win-2-2025-04-17 17:09:11.807{2c0cb891-35b7-6801-87fc-000000004303}3856C:\Windows\System32\mmc.exe10.0.17763.6766 (WinBuild.160101.0800)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exe"C:\Windows\system32\mmc.exe" C:\Windows \System32\mock\WmiMgmt.msc C:\Users\Administrator\AR-WIN-2\Administrator{2c0cb891-f723-67f7-a5ee-1c0000000000}0x1ceea52HighMD5=4740E5DF94DFAAACA8E556B236D38764,SHA256=02159C30DCDB34254E407C0870FF44FECFE3B9A22227EC2D14CCF38D7C1E989E,IMPHASH=B8EE2D6252332A68B70B22E3D6E377D2{2c0cb891-3517-6801-6bfc-000000004303}3012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 154100x8000000000000000484887Microsoft-Windows-Sysmon/Operationalar-win-2-2025-04-17 17:08:46.093{2c0cb891-359e-6801-86fc-000000004303}1140C:\Windows\System32\mmc.exe10.0.17763.6766 (WinBuild.160101.0800)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exe"C:\Windows\system32\mmc.exe" C:\Windows \System32\mock\WmiMgmt.msc C:\Users\Administrator\AR-WIN-2\Administrator{2c0cb891-f723-67f7-a5ee-1c0000000000}0x1ceea52HighMD5=4740E5DF94DFAAACA8E556B236D38764,SHA256=02159C30DCDB34254E407C0870FF44FECFE3B9A22227EC2D14CCF38D7C1E989E,IMPHASH=B8EE2D6252332A68B70B22E3D6E377D2{2c0cb891-3517-6801-6bfc-000000004303}3012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 154100x8000000000000000484873Microsoft-Windows-Sysmon/Operationalar-win-2-2025-04-17 17:07:35.666{2c0cb891-3557-6801-79fc-000000004303}7076C:\Windows\System32\mmc.exe10.0.17763.6766 (WinBuild.160101.0800)Microsoft Management ConsoleMicrosoft® Windows® Operating SystemMicrosoft Corporationmmc.exe"C:\Windows\system32\mmc.exe" C:\Windows \System32\mock\WmiMgmt.msc C:\Users\Administrator\AR-WIN-2\Administrator{2c0cb891-f723-67f7-a5ee-1c0000000000}0x1ceea52HighMD5=4740E5DF94DFAAACA8E556B236D38764,SHA256=02159C30DCDB34254E407C0870FF44FECFE3B9A22227EC2D14CCF38D7C1E989E,IMPHASH=B8EE2D6252332A68B70B22E3D6E377D2{2c0cb891-3517-6801-6bfc-000000004303}3012C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator