Sysmon Events

ID	Event Message
8	CreateRemoteThread detected: RuleName: %1!s! UtcTime: %2!s! SourceProcessGuid: %3!s! SourceProcessId: %4!s! SourceImage: %5!s! TargetProcessGuid: %6!s! TargetProcessId: %7!s! TargetImage: %8!s! NewThreadId: %9!s! StartAddress: %10!s! StartModule: %11!s! StartFunction: %12!s! SourceUser: %13!s! TargetUser: %14!s!