02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=2342107 Keywords=None Message=Started invocation of ScriptBlock ID: 800d6443-9bad-44b0-a329-4483d829ff20 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=2342106 Keywords=None Message=Completed invocation of ScriptBlock ID: ed355633-7f78-4f6e-b706-769e32cb9c76 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=2342105 Keywords=None Message=Completed invocation of ScriptBlock ID: 8a266a4f-ee41-4603-bccd-207e3ddedcf7 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=2342104 Keywords=None Message=Started invocation of ScriptBlock ID: 8a266a4f-ee41-4603-bccd-207e3ddedcf7 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=2342103 Keywords=None Message=Started invocation of ScriptBlock ID: ed355633-7f78-4f6e-b706-769e32cb9c76 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=2342102 Keywords=None Message=Creating Scriptblock text (1 of 1): prompt ScriptBlock ID: ed355633-7f78-4f6e-b706-769e32cb9c76 Path: 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=2342101 Keywords=None Message=Completed invocation of ScriptBlock ID: 7a372e70-1385-4222-89c5-3ea977508947 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=2342100 Keywords=None Message=Started invocation of ScriptBlock ID: 7a372e70-1385-4222-89c5-3ea977508947 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=2342099 Keywords=None Message=Completed invocation of ScriptBlock ID: b336db9d-98bf-4bfa-bb6f-0d4879ce5a2b Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=2342098 Keywords=None Message=Started invocation of ScriptBlock ID: b336db9d-98bf-4bfa-bb6f-0d4879ce5a2b Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=2342097 Keywords=None Message=Creating Scriptblock text (1 of 1): Get-ADuser Kendra_Burton | Set-ADAccountControl -DoesNotRequirePreAuth:$true ScriptBlock ID: b336db9d-98bf-4bfa-bb6f-0d4879ce5a2b Path: 02/23/2022 03:28:41 AM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=2342096 Keywords=None Message=Completed invocation of ScriptBlock ID: 800d6443-9bad-44b0-a329-4483d829ff20 Runspace ID: e99c9767-661e-46cc-bb83-b035ca24e4a0