How to back up Windows registry. PsTools v2.45 (July 4, 2016): The PsTools suite includes command-line utilities for listing the processes running on a system.

Sysmon Event Log

I tried on a non-embedded XP system (XP Pro, Service Pack 3). PsInfo v1.77 (April 28, 2010)

Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks.

AccessChk v6.02 (July 4, 2016): AccessChk is a command-line tool for viewing the effective permissions on files, registry keys and Windows services. Once Windows has started again, launch the Event Viewer (Eventvwr.msc).

Junction v1.07 (July 4, 2016): Create Windows junctions.

PendMoves v1.2 (February 5, 2013): Enumerate the list of file rename and delete commands for the next reboot. PortMon v3.03 (January 12, 2012): Monitor serial and parallel port activity.

Ctrl2cap v2.0 (November 1, 2006): This is a kernel-mode driver that demonstrates keyboard input filtering

ShellRunas v1.01 (February 28, 2008): Launch programs as a different user.

Ctrl2cap also shows how to use NtDisplayString()

DiskView v2.4 (March 25, 2012) Sysmon Configuration. PsLogList v2.71 (April 28, 2010)

Diskmon v2.01 (November 1, 2006): This utility captures all hard disk activity

How To Use Sysmon on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

verify that images on your system are digitally signed. Registry, process, thread and DLL activity in real-time.

ClockRes v2.1 (July 4, 2016): View the resolution of the system clock. How To Install Sysmon

Sysmon.exe is a simple executable file which will be used by the Sysinternals utilities.

Autoruns also shows you the full list of Registry entries. Whois v1.14 (July 4, 2016): See who owns an Internet address.

