drop sysmon or security evtx csv · detect lsass access and dump indicators · flag suspicious callers · minidump paths · runs locally
evtx csv (sysmon + security)
sysmon 10 · security 4688 — evtxecmd / chainsaw export