Process IOCs Monitoring

Procmon

Procmon is a software that's part of the windows sysinternals suite. It can precisely monitor what our processes are doing, even down to filtering types of actions taken by said processes, such as file creation in the case below.

Procmon also has a very practical functionnality called "Process Tree". This view allows us to visualise the "parents" and "children" of our currently running processes.