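EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 233215
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-3
RuleName: -
UtcTime: 2025-03-18 17:25:43.140
ProcessGuid: {e8747bb8-ac97-67d9-f5ae-000000004003}
ProcessId: 188
Image: C:\Windows\System32\wbem\WMIC.exe
FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
Description: WMI Commandline Utility
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: wmic.exe
CommandLine: "C:\Windows\System32\Wbem\WMIC.exe" shadowcopy delete
CurrentDirectory: C:\Users\Administrator\AppData\Local\
User: AR-WIN-3\Administrator
LogonGuid: {e8747bb8-02ee-67d3-99ca-070000000000}
LogonId, TerminalSessionId: 0x7ca992
IntegrityLevel: High
Hashes: MD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6
ParentProcessGuid: {e8747bb8-034f-67d3-0b01-000000004003}
ParentProcessId: 6084
ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ParentUser: AR-WIN-3\Administrator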