Source: Microsoft-Windows-Sysmon (1)
Category: CreateRemoteThread detected (rule: CreateRemoteThread) (1)
Tags: Sysmon
All events

ID: 8
Event Message: CreateRemoteThread detected: RuleName: %1!s! UtcTime: %2!s! SourceProcessGuid: %3!s! SourceProcessId: %4!s! SourceImage: %5!s! TargetProcessGuid: %6!s! TargetProcessId: %7!s! TargetImage: %8!s! NewThreadId: %9!s! StartAddress: %10!s! StartModule: %11!s! StartFunction: %12!s! SourceUser: %13!s! TargetUser: %14!s!