perfmon.exe
- File Path:
C:\windows\system32\perfmon.exe
- Description: Resource and Performance Monitor
Screenshot
Hashes
Type | Hash |
---|---|
MD5 | CB1511A4E14C072450E5A61BD74859E3 |
SHA1 | 9FD0DCC07AA539A6590D4C73886DAA4664126D07 |
SHA256 | 5898266DF2C54E2F0555D97CC11FBF4707AFE2E991B1A86C1EE7F14F9CA5FA4D |
SHA384 | CCF9EBE3A771B3CD323BA65083E656AB3BE4888F1ED2D937A904A040247419DEF39EB22B70C542868BC174756D4CE389 |
SHA512 | AF80549E39DB68AE65E9F869875ED7F3FFA1281EFBD2CB2B271E19B8CD941F5FB3DD55E3607F7A027282A0457323EBF22294C4E24C1F06B04ECD1E7C55555BC1 |
SSDEEP | 3072:MRra4at1xbcghtYIo9piswTogiqQKy349b:eYxZhqIo9s37iTK24 |
Signature
- Status: The file C:\windows\system32\perfmon.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: perfmon.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
Possible Misuse
The following table contains possible examples of perfmon.exe
being misused. While perfmon.exe
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | proc_access_win_cred_dump_lsass_access.yml | - 'C:\Windows\System32\perfmon.exe' |
DRL 1.0 |
sigma | proc_access_win_susp_proc_access_lsass.yml | - 'C:\WINDOWS\System32\perfmon.exe' |
DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
perfmon
Start Windows Reliability and Performance Monitor in a specific standalone mode.
Syntax
perfmon </res|report|rel|sys>
Parameters
Parameter | Description |
---|---|
/res | Starts the Resource View. |
/report | Starts the System Diagnostics Data Collector Set and displays a report of the results. |
/rel | Starts the Reliability Monitor. |
/sys | Starts the Performance Monitor. |
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.