Bump Sysmon version to latest

[haam3r]

Install latest Sysmon version 8.0 instead of 6.0.2.

New executables need to be uploaded as https://cuckoo.sh/vmcloak/Sysmon64-8.0.0.exe and https://cuckoo.sh/vmcloak/Sysmon-8.0.0.exe

The new versions can be downloaded from: https://download.sysinternals.com/files/Sysmon.zip

[samwakel]

You should add extra versions, rather than replace them. Look at other dependencies (adobe reader, firefox etc.) to see how multiple versions of dependencies are implemented. The usage then is (dependency):(version). e.g firefox:41.0.2 pillow:3.4.2 winrar:5.40

Out of curiosity, have you tested the newer version of Sysmon on Windows 7? I found the existing one was maxing the CPU (100% on a single core VM), does the newer version fix that? I didn't seem to have the problem with 8 and 10.

[haam3r]

You should add extra versions, rather than replace them. Look at other dependencies (adobe reader, firefox etc.) to see how multiple versions of dependencies are implemented. The usage then is (dependency):(version). e.g firefox:41.0.2 pillow:3.4.2 winrar:5.40

Quite right, thanks for pointing that out. Fixed with: https://github.com/jbremer/vmcloak/pull/132/commits/69e7ea6757c725f0c2bd466d50df16f9beab8694

Out of curiosity, have you tested the newer version of Sysmon on Windows 7? I found the existing one was maxing the CPU (100% on a single core VM), does the newer version fix that? I didn't seem to have the problem with 8 and 10.

Have not tested the newer version out yet. Although I don't remember having any performance issues with the old 6.0.2 version either. Since I'm currently writing the sysmon auxiliary and processing modules anyways, I'll see if I can test on my side.