sysmon.exe

Remove sysmon.exe

MD5:	f56018b4f2e60794c89198a061398132
SHA1:	57353f1b6f9bf328a4e45137cd6762a325be49c6

Overview

sysmon.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It adds run once key to the current user's profile so that the file will execute the next time the user logs into Windows (it will delete the entry after it runs once). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).

Details

File name:	sysmon.exe
Typical file path:	C:\users\user\appdata\roaming\microsoft\windows\sysmon.exe
Size:	14 KB (14,336 bytes)
Build date:	10/10/2013 1:51 PM
Digital DNA
File packed:	No
Code language:	Microsoft Visual C# / Basic .NET
.NET CLR:	Yes
.NET NGENed:	No

More details

Behaviors

Startup files (user) run once

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

'System Monitor Control' → C:\users\user\appdata\Roaming\Microsoft\Windows\sysmon.exe

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00006084%	0.028634%
Kernel CPU:	0.00001965%	0.013761%
User CPU:	0.00004119%	0.014873%
Kernel CPU time:	15,642,298,271 ms/min	100,923,805ms/min
CPU cycles:	32,824,503/sec	17,470,203/sec
Memory
Private memory:	14.63 MB	21.59 MB
Private (maximum):	11.59 MB
Private (minimum):	4.31 MB
Non-paged memory:	14.63 MB	21.59 MB
Virtual memory:	130.26 MB	140.96 MB
Virtual memory (peak):	231.75 MB	169.69 MB
Working set:	5.79 MB	18.61 MB
Working set (peak):	16.16 MB	37.95 MB
Page faults:	17,244,144/min	2,039/min
I/O
I/O read transfer:	15 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O other transfer:	53 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	6	12
Handles:	172	600
GUI GDI count:	6	103
GUI GDI peak:	6	142
GUI USER count:	1	49
GUI USER peak:	2	71

Process properties

Integrety level:	High
Platform:	64-bit
Command line:	"C:\users\user\appdata\roaming\microsoft\windows\sysmon.exe"
Owner:	User
Parent process:	explorer.exe (Windows Explorer by Microsoft Corporation)

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	100.00%

Distribution by PC manufacturer

PC Manufacturer	distribution
MSI	100.00%

"Should I Block It?" client app is coming soon

We are still in the final stages of development and will hopefully have our 100% free client app available soon. The app will work in conjunction with your existing anti-virus program to quickly help you block potentially unwanted software from taking control of your PC.

In the meantime, if you would like to run our award winning software, "Should I Remove It?", which is designed to quickly purge your PC from unwanted programs, please download it it here, it's 100% FREE!

Featured on The Kim Komando Show, USA Today, Tom's Guide, CNET, Softonic and many more.

Remove Adware and Spyware Programs, FREE Download!

Should I block it?

Relationships