Sysmon Driver Unloaded Via Fltmc.EXE (4d7cda18-1b12-4e52-b45c-d28653210df8)

Detects possible Sysmon filter driver unloaded via fltmc.exe

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Sysmon Driver Unloaded Via Fltmc.EXE (4d7cda18-1b12-4e52-b45c-d28653210df8)	Sigma-Rules	1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Sysmon Driver Unloaded Via Fltmc.EXE (4d7cda18-1b12-4e52-b45c-d28653210df8)	Sigma-Rules	1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Sysmon Driver Unloaded Via Fltmc.EXE (4d7cda18-1b12-4e52-b45c-d28653210df8)	Sigma-Rules	1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2