Event ID 25

Process hiding techniques are detected.

Source:

Microsoft-Windows-Sysmon

Category:

Process Tampering (rule: ProcessTampering)

Process Tampering:
    RuleName: %1!s!
    UtcTime: %2!s!
    ProcessGuid: %3!s!
    ProcessId: %4!s!
    Image: %5!s!
    Type: %6!s!
    User: %7!s!

This event is generated when process hiding techniques such as "hollow" or "herpaderp" are being detected.

LEFT/RIGHT arrow keys for navigation

Back to List