3 5 4 3 0 0x8000000000000000 10633 Microsoft-Windows-Sysmon/Operational win10-base - 2022-04-08 17:09:36.515 B50C7A1E-6C50-6250-460C-000000002A00 8976 C:\Users\user\AppData\Local\Microsoft\WindowsApps\Get-Variable.exe WIN10-BASE\user tcp true false 10.0.76.107 win10-base.ec2.internal 50714 - false 10.0.76.10 - 4444 - 1 5 4 1 0 0x8000000000000000 10616 Microsoft-Windows-Sysmon/Operational win10-base - 2022-04-08 17:09:36.449 B50C7A1E-6C50-6250-460C-000000002A00 8976 C:\Users\user\AppData\Local\Microsoft\WindowsApps\Get-Variable.exe 2.2.14 ApacheBench command line utility Apache HTTP Server Apache Software Foundation ab.exe "C:\Users\user\AppData\Local\Microsoft\WindowsApps\Get-Variable.exe" Name host ValueOnly True C:\WINDOWS\system32\ WIN10-BASE\user B50C7A1E-50E3-6250-A046-240000000000 0x2446a0 2 Medium MD5=A601AC5726E2D2D16E71B72FE2BC834B,SHA256=B16DA4F750BE674AF746F10FBDD8C6C99EAA97C7965FB724BDF2FA78D0AC1958,IMPHASH=481F47BBB2C9C21E108D65F52B04C448 B50C7A1E-6C4E-6250-440C-000000002A00 5744 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden WIN10-BASE\user 3 5 4 3 0 0x8000000000000000 10633 Microsoft-Windows-Sysmon/Operational win10-base - 2022-04-08 17:09:36.515 B50C7A1E-6C50-6250-460C-000000002A00 8976 C:\Users\user\AppData\Local\Microsoft\WindowsApps\Get-Variable.exe WIN10-BASE\user tcp true false 10.0.76.107 win10-base.ec2.internal 50714 - false 10.0.76.10 - 4444 - 1 5 4 1 0 0x8000000000000000 10616 Microsoft-Windows-Sysmon/Operational win10-base - 2022-04-08 17:09:36.449 B50C7A1E-6C50-6250-460C-000000002A00 8976 C:\Users\user\AppData\Local\Microsoft\WindowsApps\Get-Variable.exe 2.2.14 ApacheBench command line utility Apache HTTP Server Apache Software Foundation ab.exe "C:\Users\user\AppData\Local\Microsoft\WindowsApps\Get-Variable.exe" Name host ValueOnly True C:\WINDOWS\system32\ WIN10-BASE\user B50C7A1E-50E3-6250-A046-240000000000 0x2446a0 2 Medium MD5=A601AC5726E2D2D16E71B72FE2BC834B,SHA256=B16DA4F750BE674AF746F10FBDD8C6C99EAA97C7965FB724BDF2FA78D0AC1958,IMPHASH=481F47BBB2C9C21E108D65F52B04C448 B50C7A1E-6C4E-6250-440C-000000002A00 5744 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden WIN10-BASE\user