Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Sysmon

Event ID 7 v3

Message:

Image loaded:
RuleName: %{RuleName}
UtcTime: %{UtcTime}
ProcessGuid: %{ProcessGuid}
ProcessId: %{ProcessId}
Image: %{Image}
ImageLoaded: %{ImageLoaded}
FileVersion: %{FileVersion}
Description: %{Description}
Product: %{Product}
Company: %{Company}
OriginalFileName: %{OriginalFileName}
Hashes: %{Hashes}
Signed: %{Signed}
Signature: %{Signature}
SignatureStatus: %{SignatureStatus}

Event Data:

#   Name              In Type            Out Type
1   RuleName          win:UnicodeString  xs:string
2   UtcTime           win:UnicodeString  xs:string
3   ProcessGuid       win:GUID           xs:GUID
4   ProcessId         win:UInt32         win:PID
5   Image             win:UnicodeString  xs:string
6   ImageLoaded       win:UnicodeString  xs:string
7   FileVersion       win:UnicodeString  xs:string
8   Description       win:UnicodeString  xs:string
9   Product           win:UnicodeString  xs:string
10  Company           win:UnicodeString  xs:string
11  OriginalFileName  win:UnicodeString  xs:string
12  Hashes            win:UnicodeString  xs:string
13  Signed            win:UnicodeString  xs:string
14  Signature         win:UnicodeString  xs:string
15  SignatureStatus   win:UnicodeString  xs:string

Observed Windows Versions:

Version: 3

Fingerprint: 7PH7SXFEABLMI