diff --git a/artifacts/definitions/Windows/Forensics/UserAccessLogs.yaml b/artifacts/definitions/Windows/Forensics/UserAccessLogs.yaml
index 28ba4e55c3e..aa1e1b82603 100644
--- a/artifacts/definitions/Windows/Forensics/UserAccessLogs.yaml
+++ b/artifacts/definitions/Windows/Forensics/UserAccessLogs.yaml
@@ -111,8 +111,8 @@ sources:
 })) AS Value FROM items(item={ SELECT *, get(item=RoleLookup, field=RoleGuid).RoleName AS RoleName,
- format(format="%02x", args=Address) AS RawAddress,
- FormatAddress(Address=Address) AS Address
+ Address AS RawAddress,
+ FormatAddress(Address=unhex(string=Address)) AS Address
 FROM parse_ese(file=OSPath, table="CLIENTS") }) }, column="Value")
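Review bot: The two added lines, `Address AS RawAddress` and `FormatAddress(Address=unhex(string=Address))`, only make sense if `parse_ese` now returns the CLIENTS `Address` column as a hex string, but nothing in the hunk states or checks that. I would add a comment above them such as `-- parse_ese returns Address hex encoded: keep it as RawAddress, decode it before formatting`. `RawAddress` also stops being normalised here, so its case and padding are now whatever `parse_ese` emits. Anything that matches on the old `%02x` form (saved hunts, notebooks, detections) should be checked against the new output. `FormatAddress` and the rest of the query are defined outside the hunk, so how a NULL or non-hex `Address` is handled after `unhex` cannot be confirmed from here.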