EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 180036
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-15 15:23:29.093
ProcessGuid: {5ab40fd1-bc71-68ef-2a4d-000000003a02}
ProcessId: 5148
Image: C:\Windows\System32\wbadmin.exe
FileVersion: 10.0.20348.4163 (WinBuild.160101.0800)
Description: Microsoft Management Console
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: mmc.exe
CommandLine: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\wbadmin.msc" start recovery -version: -recoverytarget:C:\Windows\Temp\ -itemtype:file -items:C:\Windows\NTDS\NTDS.dit,C:\Windows\System32\config\SYSTEM -notRestoreAcl -quiet
CurrentDirectory: C:\Users\Administrator\Downloads\AdFind\
User: AR-WIN-1\Administrator
LogonGuid: {5ab40fd1-15fa-68ed-0a4b-5b0000000000}
LogonId: 0x5b4b0a
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=35215B244155E20A8D62E266BEBEF442,SHA256=ADAF93B3426C99DEEF5E4709AFAF1E27306140B887DA353D78F30280110A84CB,IMPHASH=8E50F3DB4704D326E38560580722C9B1
ParentProcessGuid: {5ab40fd1-16fb-68ed-8104-000000003a02}
ParentProcessId: 3840
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "C:\Windows\system32\cmd.exe"
ParentUser: AR-WIN-1\Administrator

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 180696
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-15 16:42:36.193
ProcessGuid: {5ab40fd1-cefc-68ef-754f-000000003a02}
ProcessId: 2980
Image: C:\Windows\System32\wbadmin.exe
FileVersion: 10.0.26100.1 (WinBuild.160101.0800)
Description: Command Line Interface for Microsoft® BLB Backup
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: WBADMIN.EXE
CommandLine: wbadmin.exe start recovery -version: -recoverytarget:C:\Windows\Temp\ -itemtype:file -items:C:\Windows\NTDS\NTDS.dit,C:\Windows\System32\config\SYSTEM -notRestoreAcl -quiet
CurrentDirectory: C:\Users\Administrator\Downloads\AdFind\
User: AR-WIN-1\Administrator
LogonGuid: {5ab40fd1-15fa-68ed-0a4b-5b0000000000}
LogonId: 0x5b4b0a
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=0EDBC4E9A3F84AF661108C34842CF1B6,SHA256=2FF96B0F9067D80D33D6C72E10972881ADD345E31D001F26AFD7F2485897D487,IMPHASH=115E21C61B168D33AAA2D0334F490AB7
ParentProcessGuid: {5ab40fd1-16fb-68ed-8104-000000003a02}
ParentProcessId: 3840
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "C:\Windows\system32\cmd.exe"
ParentUser: AR-WIN-1\Administrator