A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

$\backslash$table$[[$Host$,$Event ID$,$Event source,Description$],[$PC$1,865,\backslash$table$[[$Microsoft$-$windows$-],[$SoftwareRestrictionpolicies$]],\backslash$table$[[$C: $\backslash$asdf $\frac{234}{\frac{?}{?}}$ asdf $234,$exe$],[$was blocked by Group$],[$policy$]]],[$PC$1,4608,\backslash$table$[[$Microsoft$-$Windows$-$Security$-],[$Auditing$]],\backslash$table$[[$A new process has been$],[$created$.],[$New Process$],[$Name:powershell.exe$],[$Creator Process$],[$Name: outlook.exe$]]],[$PC$1,4688,\backslash$table$[[$Microsoft$-$windows$-$Security$-],[$Auditing$]],\backslash$table$[[$A new process has been$],[$created$.],[$New Process Name:lat.psl$],[$Creator Process$],[$Name:powershell.exe$]]],[$PC$2,4625,\backslash$table$[[$Microsoft$-$Windows$-$Security$-],[$Auditing$]],\backslash$table$[[$An account failed to log$],[$on$.],[$LogonType: $3],[$SecurityID:Null SID$],[$Workstation Name:PC$1],[$Authentication Package$],[$Name:NTLM$]]]]$

Which of the following describes the method that was used to compromise the laptop?

A$.$ An attacker was able to move laterally from PC$1$ to PC$2$ using a pass$-$the$-$hash attack.

B$.$ An attacker was able to bypass the application approve list by emailing a spreadsheet attachment with an embedded PowerShell in the file.

C$.$ An attacker was able to install malware to the C:lasdif$234$ folder and use it to gain administrator rights and launch Outiook.

D$.$ An attacker was able to phish user credentials successfully from an Outlook user proflle.