drop 4688 or sysmon evtx csv · squiblydoo · remote com scriptlets · applocker bypass · child chains · export csv · runs locally
security 4688 · sysmon event 1 · optional mft csv for local scriptlet status