Sysmon collects other useful information such as the hashes and signer information for the image that was loaded. In the event shown, the process notepad.exe loaded kernel32.dll. You can review Sysmon events in Event Viewer under Microsoft-Windows-Sysmon/Operational.

Roberto Rodriguez’s Sysmon configuration file will capture the above Event ID. Execute the following command to install Sysmon and apply a configuration file.
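As an added example (not part of the original post), the Python below parses image-load records (Sysmon Event ID 7) in the XML form that Event Viewer shows, pulls out the hash and signer fields the text mentions, and flags loads whose signature is missing or invalid or whose DLL sits in a user-writable path. The records are constructed; the hash values are placeholders, and the `_rec` helper and path heuristics are this example's own, not part of Sysmon or the configuration file.

```python
# Parse Sysmon Event ID 7 (Image loaded) records and flag suspicious loads.
# Sample records are constructed to mimic Event Viewer's XML view; hashes are placeholders.
import xml.etree.ElementTree as ET
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RECORD = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{eid}</EventID>
<Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>
<EventData>{data}</EventData></Event>"""

def _rec(eid, **fields):  # build one constructed record from EventData values
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return RECORD.format(eid=eid, data=data)

SAMPLE_EVENTS = [
    _rec(7, Image=r"C:\Windows\System32\notepad.exe",
         ImageLoaded=r"C:\Windows\System32\kernel32.dll",
         Hashes="SHA256=PLACEHOLDER_HASH_1,MD5=PLACEHOLDER_MD5_1",
         Signed="true", Signature="Microsoft Windows", SignatureStatus="Valid"),
    _rec(7, Image=r"C:\Windows\System32\notepad.exe",
         ImageLoaded=r"C:\Users\alice\AppData\Local\Temp\helper.dll",
         Hashes="SHA256=PLACEHOLDER_HASH_2", Signed="false",
         Signature="-", SignatureStatus="Unavailable"),
    _rec(1, Image=r"C:\Windows\System32\notepad.exe"),  # process create, not a load
]

def parse_event(xml_text):
    """Return EventData fields of an Event ID 7 record, or None for other IDs."""
    ev = ET.fromstring(xml_text)
    if ev.findtext("e:System/e:EventID", namespaces=NS) != "7":
        return None
    rec = {d.get("Name"): d.text for d in ev.findall("e:EventData/e:Data", NS)}
    # Sysmon writes Hashes as "ALG=value,ALG=value"; split it per algorithm
    pairs = [kv.split("=", 1) for kv in (rec.get("Hashes") or "").split(",") if "=" in kv]
    rec["HashMap"] = dict(pairs)
    return rec

def assess(rec):
    """Reasons an image load deserves analyst attention (empty list = benign)."""
    reasons = []
    if (rec.get("Signed") or "").lower() != "true" or rec.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
    if any(p in (rec.get("ImageLoaded") or "").lower() for p in ("\\temp\\", "\\users\\")):
        reasons.append("loaded from a user-writable path")
    return reasons

def review(events):
    """Map each flagged ImageLoaded path to its SHA256 and the reasons it was flagged."""
    findings = {}
    for rec in filter(None, map(parse_event, events)):
        reasons = assess(rec)
        if reasons:
            findings[rec["ImageLoaded"]] = {"sha256": rec["HashMap"].get("SHA256"), "reasons": reasons}
    return findings
```

The same parsing works on records exported from the Microsoft-Windows-Sysmon/Operational log as XML, one `<Event>` element per record.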