154100x80000000000000003563Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:29:38.237{2cb189ff-7352-68ac-cc0a-000000006303}1432C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic memorychipC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174675Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x598C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000174674Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x11d4C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003562Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:29:30.571{2cb189ff-734a-68ac-cb0a-000000006303}4564C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpuC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 154100x80000000000000003554Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:29:21.825{2cb189ff-7341-68ac-c40a-000000006303}5552C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic nicC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174667Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x15b0C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000174665Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x644C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003553Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:29:11.130{2cb189ff-7337-68ac-c20a-000000006303}1604C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic diskdriveC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 154100x80000000000000003530Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:25:57.691{2cb189ff-7275-68ac-ad0a-000000006303}3280C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic computersystem C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174644Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460xcd0C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003486Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:19:32.445{2cb189ff-70f4-68ac-820a-000000006303}4588C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic computersystemC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174599Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x11ecC:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003385Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 14:06:10.252{2cb189ff-6dd2-68ac-250a-000000006303}3412C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic nic get *C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174502Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460xd54C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003275Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:51:07.954{2cb189ff-6a4b-68ac-be09-000000006303}1504C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic nicC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174393Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x5e0C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000174391Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x1388C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003274Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:51:02.329{2cb189ff-6a46-68ac-bc09-000000006303}5000C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic nic get name,macaddress,ipaddressC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 154100x80000000000000003264Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:49:34.521{2cb189ff-69ee-68ac-b409-000000006303}6008C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic diskdrive get modelC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174383Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x1778C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003256Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:49:09.664{2cb189ff-69d5-68ac-ad09-000000006303}3832C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get nameC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174376Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460xef8C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000174375Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x10c4C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003255Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:48:30.071{2cb189ff-69ae-68ac-ac09-000000006303}4292C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name, speedC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 154100x80000000000000003251Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:48:24.572{2cb189ff-69a8-68ac-a809-000000006303}4104C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name,speedC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174371Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x1008C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003246Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:48:18.783{2cb189ff-69a2-68ac-a409-000000006303}6108C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get nameC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174367Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x17dcC:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003245Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:48:11.941{2cb189ff-699b-68ac-a309-000000006303}4372C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174366Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x1114C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003244Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:48:02.747{2cb189ff-6992-68ac-a209-000000006303}2344C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name,speedC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174365Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x928C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000174364Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x1690C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003243Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:48:00.153{2cb189ff-6990-68ac-a109-000000006303}5776C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name,C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 154100x80000000000000003242Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:47:54.407{2cb189ff-698a-68ac-9f09-000000006303}5168C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name,speedC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174362Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x1430C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003230Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:46:24.333{2cb189ff-6930-68ac-9509-000000006303}5552C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic diskdrive get model,size C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174352Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x15b0C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003211Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:43:56.871{2cb189ff-689c-68ac-8109-000000006303}4292C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic memorychip get capacity,speedC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174330Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x10c4C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000174329Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x6f4C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003210Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:43:48.214{2cb189ff-6894-68ac-8009-000000006303}1780C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name,speedC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 4688201331200x8020000000000000174327Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460x858C:\Windows\System32\wbem\WMIC.exe%%19360x8dcNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000003209Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:43:34.172{2cb189ff-6886-68ac-7e09-000000006303}2136C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic computersystem get name,domainC:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-552a-68ac-6804-000000006303}2268C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" AR-WIN-DC-2\Administrator 154100x80000000000000002857Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 13:09:59.095{2cb189ff-60a7-68ac-5d08-000000006303}2032C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && tasklist >> C:\Programdata\info\info.txt && net start >> C:\Programdata\info\info.txt && whoami /user >> C:\Programdata\info\info.txt && dsquery user -samid %%username%% >> C:\Programdata\info\info.txt && dsquery computer -samid %%COMPUTERNAME%% >> C:\Programdata\info\info.txt && dsquery group >> C:\Programdata\info\info.txt && dsquery ou >> C:\Programdata\info\info.txt && dsquery site >> C:\Programdata\info\info.txt && dsquery subnet >> C:\Programdata\info\info.txt && dsquery server >> C:\Programdata\info\info.txt && dsquery domain >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-6082-68ac-5608-000000006303}5144C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator 154100x80000000000000002023Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:53:45.889{2cb189ff-5cd9-68ac-9305-000000006303}3524C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && tasklist >> C:\Programdata\info\info.txt && net start >> C:\Programdata\info\info.txt && whoami /user >> C:\Programdata\info\info.txt && dsquery user -samid %%username%% >> C:\Programdata\info\info.txt && dsquery computer -samid %%COMPUTERNAME%% >> C:\Programdata\info\info.txt && dsquery group >> C:\Programdata\info\info.txt && dsquery ou >> C:\Programdata\info\info.txt && dsquery site >> C:\Programdata\info\info.txt && dsquery subnet >> C:\Programdata\info\info.txt && dsquery server >> C:\Programdata\info\info.txt && dsquery domain >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-5cb4-68ac-8c05-000000006303}4132C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator 154100x80000000000000001988Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:51:47.794{2cb189ff-5c63-68ac-7b05-000000006303}4692C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && tasklist >> C:\Programdata\info\info.txt && net start >> C:\Programdata\info\info.txt && whoami /user >> C:\Programdata\info\info.txt && dsquery user -samid %%username%% >> C:\Programdata\info\info.txt && dsquery computer -samid %%COMPUTERNAME%% >> C:\Programdata\info\info.txt && dsquery group -name * >> C:\Programdata\info\info.txt && dsquery ou >> C:\Programdata\info\info.txt && dsquery site >> C:\Programdata\info\info.txt && dsquery subnet >> C:\Programdata\info\info.txt && dsquery server >> C:\Programdata\info\info.txt && dsget domain >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-5c41-68ac-7305-000000006303}5068C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator 154100x80000000000000001913Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:43:29.997{2cb189ff-5a71-68ac-3c05-000000006303}3380C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && tasklist >> C:\Programdata\info\info.txt && net start >> C:\Programdata\info\info.txt && whoami /user >> C:\Programdata\info\info.txt && dsquery user -samid %%username%% >> C:\Programdata\info\info.txt && dsquery computer -samid %%COMPUTERNAME%% >> C:\Programdata\info\info.txt && dsquery group >> C:\Programdata\info\info.txt && dsquery ou >> C:\Programdata\info\info.txt && dsquery site >> C:\Programdata\info\info.txt && dsquery subnet >> C:\Programdata\info\info.txt && dsquery server >> C:\Programdata\info\info.txt && dsquery domain >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-5a4e-68ac-3505-000000006303}480C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator 154100x80000000000000001875Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:40:29.455{2cb189ff-59bd-68ac-1d05-000000006303}4340C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && tasklist >> C:\Programdata\info\info.txt && net start >> C:\Programdata\info\info.txt && whoami /user >> C:\Programdata\info\info.txt && dsquery user -samid %%username%% >> C:\Programdata\info\info.txt && dsquery computer -samid %%COMPUTERNAME%% >> C:\Programdata\info\info.txt && dsquery group -name * >> C:\Programdata\info\info.txt && dsquery ou >> C:\Programdata\info\info.txt && dsquery site >> C:\Programdata\info\info.txt && dsquery subnet >> C:\Programdata\info\info.txt && dsquery server >> C:\Programdata\info\info.txt && echo Domain Information: && net config workstation >> C:\Programdata\info\info.txt && echo Network Configuration: && ipconfig /all >> C:\Programdata\info\info.txt && echo DNS Client Resolver Cache: && ipconfig /displaydns >> C:\Programdata\info\info.txt && echo Network Connections: && netstat -an >> C:\Programdata\info\info.txt && echo Routing Table: && route print >> C:\Programdata\info\info.txt && echo ARP Cache: && arp -a >> C:\Programdata\info\info.txt && echo Active Directory Domain Information: && net ads info >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-5996-68ac-1605-000000006303}5340C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator 154100x80000000000000001836Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:38:09.907{2cb189ff-5931-68ac-fe04-000000006303}2576C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && tasklist >> C:\Programdata\info\info.txt && net start >> C:\Programdata\info\info.txt && whoami /user >> C:\Programdata\info\info.txt && dsquery user -samid %%username%% >> C:\Programdata\info\info.txt && dsquery computer -name %%COMPUTERNAME%% >> C:\Programdata\info\info.txt && dsquery group -name * >> C:\Programdata\info\info.txt && dsquery ou >> C:\Programdata\info\info.txt && dsquery site >> C:\Programdata\info\info.txt && dsquery subnet >> C:\Programdata\info\info.txt && dsquery server >> C:\Programdata\info\info.txt && dsquery domain >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-590e-68ac-fd04-000000006303}6116C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator 4688201331200x8020000000000000172561Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460xb14C:\Windows\System32\wbem\WMIC.exe%%19360x1608NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000001782Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:32:28.011{2cb189ff-57dc-68ac-d204-000000006303}2836C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic cpu get name,speed C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-57d9-68ac-ca04-000000006303}5640C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && wmic process get name,processid >> C:\Programdata\info\info.txt && wmic service get name,state >> C:\Programdata\info\info.txt && net config workstation >> C:\Programdata\info\info.txt && dsquery user domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery computer domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery ou domainroot -limit 0 >> C:\Programdata\info\info.txt"AR-WIN-DC-2\Administrator 4688201331200x8020000000000000172560Securityar-win-dc-2AR-WIN-DC-2\AdministratorAdministratorAR-WIN-DC-20x1826460xd78C:\Windows\System32\wbem\WMIC.exe%%19360x1608NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x80000000000000001781Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:32:27.858{2cb189ff-57db-68ac-d104-000000006303}3448C:\Windows\System32\wbem\WMIC.exe10.0.17763.1 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic computersystem get name,domain C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=390B2038C9ED2C94AB505921BC827FC7,SHA256=34C4ED50A3441BD7CB6411749771C637A8C18C791525D8FCB5AE71B0B1969BA6,IMPHASH=AF8CD6625FCE3244397EE550EFF4091E{2cb189ff-57d9-68ac-ca04-000000006303}5640C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && wmic process get name,processid >> C:\Programdata\info\info.txt && wmic service get name,state >> C:\Programdata\info\info.txt && net config workstation >> C:\Programdata\info\info.txt && dsquery user domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery computer domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery ou domainroot -limit 0 >> C:\Programdata\info\info.txt"AR-WIN-DC-2\Administrator 154100x80000000000000001776Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:32:25.524{2cb189ff-57d9-68ac-cb04-000000006303}1796C:\Windows\System32\systeminfo.exe10.0.17763.1 (WinBuild.160101.0800)Displays system informationMicrosoft® Windows® Operating SystemMicrosoft Corporationsysinfo.exesysteminfo C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=F2D7816271A27223945E8AE24B6F81F7,SHA256=1084ADF2DDBE903BD71A496720B0D6616882F120D1B3FFEAE8D47FEB0D9CC123,IMPHASH=C5985EAB8C1ED292344936A4595C1438{2cb189ff-57d9-68ac-ca04-000000006303}5640C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && wmic process get name,processid >> C:\Programdata\info\info.txt && wmic service get name,state >> C:\Programdata\info\info.txt && net config workstation >> C:\Programdata\info\info.txt && dsquery user domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery computer domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery ou domainroot -limit 0 >> C:\Programdata\info\info.txt"AR-WIN-DC-2\Administrator 154100x80000000000000001775Microsoft-Windows-Sysmon/Operationalar-win-dc-2-2025-08-25 12:32:25.512{2cb189ff-57d9-68ac-ca04-000000006303}5640C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "mkdir C:\Programdata\info && systeminfo >> C:\Programdata\info\info.txt && wmic computersystem get name,domain >> C:\Programdata\info\info.txt && wmic cpu get name,speed >> C:\Programdata\info\info.txt && wmic memorychip get capacity,speed >> C:\Programdata\info\info.txt && wmic diskdrive get model,size >> C:\Programdata\info\info.txt && wmic nic get name,macaddress,ipaddress >> C:\Programdata\info\info.txt && wmic process get name,processid >> C:\Programdata\info\info.txt && wmic service get name,state >> C:\Programdata\info\info.txt && net config workstation >> C:\Programdata\info\info.txt && dsquery user domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery computer domainroot -limit 0 >> C:\Programdata\info\info.txt && dsquery ou domainroot -limit 0 >> C:\Programdata\info\info.txt"C:\Temp\1\AR-WIN-DC-2\Administrator{2cb189ff-4fa4-68ac-4626-180000000000}0x1826462HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{2cb189ff-57b5-68ac-c604-000000006303}1512C:\Python313\python.exepython lamehug.pyAR-WIN-DC-2\Administrator