通过Sysmon的-l参数可以探测到DLL加载(ImageLoaded):
REF: https://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/
