drop a sysmon evtx or csv export · detect malware performing environment checks that look for a vm, a sandbox or analysis tooling · flag registry and wmi queries that probe for virtual machine artifacts · surface systematic evasion behavior (several distinct check types from one process, not a single lookup) · runs locally, nothing leaves the machine
sysmon 1/7/11/12/13/22 · registry vm probes · dns sandbox checks · timing evasion · driver file reads
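The detection the page describes, reduced to code as an added example (not the page's own tool): read a Sysmon csv export, classify each event into an evasion category, then key hits by the process that performed the check so that a process combining several categories stands out as systematic evasion. Column names (EventID, ProcessId, Image, ParentProcessId, ParentImage, CommandLine, TargetObject, TargetFilename, ImageLoaded, QueryName, QueryResults) follow a common evtx-to-csv layout and are an assumption; the sample rows are constructed, the indicator lists are the well-known VirtualBox/VMware/Sandboxie artifacts, and the DNS junk-name and "delay of ten seconds or more" thresholds are heuristics of this example. Two caveats a practitioner should keep in mind: Sysmon has no registry-read event (12/13/14 record create, delete and value-set), so a pure RegQueryValueEx probe is invisible to it and the registry rule only fires on whatever your export actually contains; and an Event 7 hit on sbiedll.dll or cuckoomon.dll shows the sandbox present in the process, not the check itself.

```python
"""Flag sandbox/VM environment checks in a Sysmon csv export (added example)."""
import csv
import io
import re
from collections import defaultdict

# Guest-tools binaries legitimately touch VM keys and files: never score them.
GUEST_TOOLS = re.compile(r"\\(vmtoolsd|vboxservice|vboxtray|vmwaretray|vmwareuser)\.exe$", re.I)

# Registry keys malware reads to recognise VirtualBox / VMware (Sysmon 12/13/14).
REG_VM_KEY = re.compile(
    r"\\(services\\(vbox(guest|mouse|service|sf|video)|vm(hgfs|mouse|tools|ci|memctl|usbmouse))"
    r"|hardware\\description\\system\\(system|video)bios(version|date)"
    r"|hardware\\acpi\\(dsdt|fadt|rsdt)\\vbox__"
    r"|software\\vmware, inc\.\\vmware tools"
    r"|software\\oracle\\virtualbox guest additions"
    r"|hardware\\devicemap\\scsi\\.*\\identifier)", re.I)
# Hypervisor driver files probed by path (Sysmon 11 carries TargetFilename).
VM_DRIVER_FILE = re.compile(
    r"\\drivers\\(vbox(mouse|guest|sf|video)|vm(hgfs|mouse|ci|usbmouse|memctl|3dmp|rawdsk))\.sys$", re.I)
# Sandbox hook DLLs (Sysmon 7 ImageLoaded): Sandboxie, Cuckoo, Comodo, Avast, etc.
SANDBOX_DLL = re.compile(
    r"\\(sbiedll|cuckoomon|api_log|dir_watch|pstorec|vmcheck|wpespy|cmdvrt(32|64)|snxhk)\.dll$", re.I)
# WMI hardware queries via wmic or PowerShell (Sysmon 1 CommandLine).
WMI_HW_QUERY = re.compile(
    r"\b(wmic(\.exe)?\b.*\b(computersystem|bios|diskdrive|baseboard|videocontroller|csproduct)\b"
    r"|get-(wmiobject|ciminstance)\b.*\bwin32_(computersystem|bios|diskdrive|baseboard|videocontroller)\b)", re.I)
# Timing evasion through spawned delays; >= 10 s is this example's threshold (assumption).
TIMING_DELAY = re.compile(
    r"\b(ping(\.exe)?\b.*\s-n\s+\d{2,}\b|timeout(\.exe)?\s+(/t\s+)?\d{2,}\b"
    r"|start-sleep\b.*\b\d{2,}\b|\bsleep\s+\d{2,}\b)", re.I)

# Constructed sample export (not real telemetry). Process 4120 probes a VirtualBox
# service key, the SMBIOS version, a VMware driver file and a junk hostname that
# still resolves, then spawns ping as a delay and wmic as a hardware query.
SAMPLE_CSV = r"""EventID,ProcessId,Image,ParentProcessId,ParentImage,CommandLine,TargetObject,TargetFilename,ImageLoaded,QueryName,QueryResults
12,4120,C:\Users\u\update.exe,,,,HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest,,,,
13,4120,C:\Users\u\update.exe,,,,HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion,,,,
11,4120,C:\Users\u\update.exe,,,,,C:\Windows\System32\drivers\vmmouse.sys,,,
22,4120,C:\Users\u\update.exe,,,,,,,xk3q9zv2pw.example,::ffff:10.0.0.5;
1,4122,C:\Windows\System32\cmd.exe,4120,C:\Users\u\update.exe,"cmd /c ping -n 120 127.0.0.1 > nul",,,,,
1,4131,C:\Windows\System32\wbem\WMIC.exe,4120,C:\Users\u\update.exe,"wmic computersystem get manufacturer,model",,,,,
13,5000,C:\Program Files\VMware\VMware Tools\vmtoolsd.exe,,,,"HKLM\SOFTWARE\VMware, Inc.\VMware Tools\InstallPath",,,,
7,6100,C:\Users\u\other.exe,,,,,,C:\Windows\System32\sbiedll.dll,,
"""


def looks_like_fake_dns_probe(name, results):
    """Heuristic (assumption): a long, vowel-free first label that still resolved
    suggests a sandbox catch-all resolver answered a name that should not exist."""
    label = name.split(".")[0].lower()
    if len(label) < 8 or not results.strip():
        return False
    return sum(c in "aeiou" for c in label) < 2


def classify_event(row):
    """Return the set of evasion categories one Sysmon row exhibits."""
    f = lambda k: row.get(k) or ""  # tolerate exports missing a column
    eid, hits = f("EventID"), set()
    if eid in ("12", "13", "14") and REG_VM_KEY.search(f("TargetObject")):
        hits.add("registry_vm_key")
    if eid == "11" and VM_DRIVER_FILE.search(f("TargetFilename")):
        hits.add("vm_driver_file")
    if eid == "7" and SANDBOX_DLL.search(f("ImageLoaded")):
        hits.add("sandbox_dll")
    if eid == "1":
        if WMI_HW_QUERY.search(f("CommandLine")):
            hits.add("wmi_hardware_query")
        if TIMING_DELAY.search(f("CommandLine")):
            hits.add("timing_delay")
    if eid == "22" and looks_like_fake_dns_probe(f("QueryName"), f("QueryResults")):
        hits.add("dns_fake_resolution")
    return hits


def actor_of(row):
    """Key the process that performed the check. For Event 1 credit the parent:
    wmic, ping and timeout are children spawned by the sample, not the sample."""
    if row.get("EventID") == "1" and row.get("ParentProcessId"):
        return (row["ParentProcessId"], row.get("ParentImage") or "")
    return (row.get("ProcessId") or "", row.get("Image") or "")


def scan(csv_text, min_categories=2):
    """Map (pid, image) -> sorted categories for processes with at least
    min_categories distinct evasion behaviours; guest-tools processes are skipped."""
    per_proc = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        pid, image = actor_of(row)
        if GUEST_TOOLS.search(image):
            continue
        per_proc[(pid, image)] |= classify_event(row)
    return {k: sorted(v) for k, v in per_proc.items() if len(v) >= min_categories}


if __name__ == "__main__":
    for (pid, image), cats in scan(SAMPLE_CSV).items():
        print(f"pid {pid} {image}: {', '.join(cats)}")
```

The threshold is the point: a single VBox registry touch is noise on a fleet with developer machines, while one process that probes the registry, a driver path and a junk DNS name and then stalls with ping has no benign explanation. Raise `min_categories` for hunting, lower it to 1 when triaging a known-bad sample.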