23 5 4 23 0 0x8000000000000000 61297 Microsoft-Windows-Sysmon/Operational WIN11-22H2-X64.snapattack.labs - 2025-09-16 10:59:59.177 AC4C5E18-391A-68C9-0501-000000001A00 9004 WIN11-22H2-X64\localuser C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe \\?\Volume{112b78eb-26e7-49e3-9e90-922fd8cfb387}\EFI\Boot\bootx64.efi MD5=12C9AC55B01B5B8F4B45D50DCDC2C64A,SHA256=B5632B54120F887EC3D1F1F405AD75C71A2C066DDB34E54EFA374C4F7190B2C1,IMPHASH=00000000000000000000000000000000 true true
11 2 4 11 0 0x8000000000000000 61287 Microsoft-Windows-Sysmon/Operational WIN11-22H2-X64.snapattack.labs - 2025-09-16 10:59:52.380 AC4C5E18-391A-68C9-0501-000000001A00 9004 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe \\?\Volume{112b78eb-26e7-49e3-9e90-922fd8cfb387}\EFI\Boot\cloak.dat 2025-09-16 10:59:52.380 WIN11-22H2-X64\localuser