Exorcising T1055.001: Naming the Demon Behind DLL Injection

A practical, evidence-driven playbook to name the exact DLL behind T1055 injection by correlating Sysmon EID 8 with CAPI2 Task 82. Includes ready-to-run SPL queries.