Event ID 6

Provides information about a driver being loaded on the system
Source: Microsoft-Windows-Sysmon
Category: Driver loaded (rule: DriverLoad)
Driver loaded:
    RuleName: %1!s!
    UtcTime: %2!s!
    ImageLoaded: %3!s!
    Hashes: %4!s!
    Signed: %5!s!
    Signature: %6!s!
    SignatureStatus: %7!s!


The driver loaded event provides information about a driver being loaded on the system. The configured hashes are provided, along with signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.
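A triage pass over this event's fields, as an added example (not part of the original page and not Sysmon's own code). It parses the rendered message text and lists driver loads whose signature fields deserve review. Assumptions: `Signed` renders as `true`/`false`, `Valid` is the only `SignatureStatus` treated as clean, and `Hashes` is a comma-separated list of `ALGORITHM=digest` pairs. The function names are hypothetical.

```python
# Added example. Every path, hash and signer below is constructed, not real data.
FIELDS = ("RuleName", "UtcTime", "ImageLoaded", "Hashes",
          "Signed", "Signature", "SignatureStatus")

def render(image, hashes, signed, signature, status):
    """Build a constructed message laid out like the event template."""
    values = ("-", "2024-01-01 10:00:00.000", image, hashes, signed, signature, status)
    return "Driver loaded:\n" + "\n".join(f"    {k}: {v}" for k, v in zip(FIELDS, values))

SAMPLE_EVENTS = [  # constructed samples
    render(r"C:\Windows\System32\drivers\example_ok.sys",
           "MD5=" + "0" * 32 + ",SHA256=" + "A" * 64, "true", "Example Vendor", "Valid"),
    render(r"C:\Users\Public\example_unsigned.sys",
           "SHA256=" + "B" * 64, "false", "-", "Unavailable"),
    render(r"C:\Windows\System32\drivers\example_old.sys",
           "MD5=" + "1" * 32, "true", "Example Vendor", "Expired"),
]

def parse_driver_load(message):
    """Parse one rendered Event ID 6 message into a dict of its seven fields."""
    event = {}
    for line in message.splitlines():
        key, sep, value = line.strip().partition(":")  # split at the first colon only
        if sep and key in FIELDS:
            event[key] = value.strip()
    missing = [name for name in FIELDS if name not in event]
    if missing:
        raise ValueError(f"not a DriverLoad message, missing: {missing}")
    # Which algorithms appear depends on the Sysmon configuration (assumed pair format).
    event["Hashes"] = dict(pair.split("=", 1)
                           for pair in event["Hashes"].split(",") if "=" in pair)
    return event

def triage(event):
    """Return the reasons a driver load deserves review; an empty list means none."""
    reasons = []
    if event["Signed"].lower() != "true":
        reasons.append("Signed=" + event["Signed"])
    if event["SignatureStatus"] != "Valid":
        reasons.append("SignatureStatus=" + event["SignatureStatus"])
    if "SHA256" not in event["Hashes"]:
        reasons.append("no SHA256 in Hashes")  # nothing to match against a hash list
    return reasons

def review_queue(messages):
    """Return (ImageLoaded, reasons) for every message that has at least one reason."""
    parsed = (parse_driver_load(message) for message in messages)
    return [(e["ImageLoaded"], triage(e)) for e in parsed if triage(e)]

if __name__ == "__main__":
    for image, reasons in review_queue(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```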


