11 2 4 11 0 0x8000000000000000 61285 Microsoft-Windows-Sysmon/Operational WIN11-22H2-X64.snapattack.labs - 2025-09-16 10:59:44.411 AC4C5E18-391A-68C9-0501-000000001A00 9004 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe \\?\Volume{112b78eb-26e7-49e3-9e90-922fd8cfb387}\EFI\Boot\bootmgfw.efi 2025-09-16 10:59:44.410 WIN11-22H2-X64\localuser