Copyright (c) 2020-2021 Strontic.

When are Process Monitor log files needed?

Registry_event_susp_service_installed.yml
Proc_creation_win_false_sysinternalsuite.yml
Source file_event_win_susp_procexplorer_driver_created_in_tmp_folder.yml

While Procmon.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes. The following table contains possible examples of Procmon.exe being misused.
Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

\Sessions\1\BaseNamedObjects\UrlZonesSM_user
\Sessions\1\BaseNamedObjects\SessionImmersiveColorPreference
\BaseNamedObjects\windows_shell_global_counters