Process

ubiquitoussigned

sysmon64.exe

Microsoft CorporationFirst seen 2026-06-08

File identity

File details
File type
PE32+ executable
Magic
PE32+ executable (console)
Internal name
System Monitor
Product
Sysinternals Sysmon
Signing information
Status
Signed
Publisher
Microsoft Corporation
Signer
Microsoft Windows Publisher
Issuer
Microsoft Windows Production PCA 2011
Signature rate
100%
File version1
  • 15.20100%
File size1
  • 3171.90 KB100%

Execution context

File paths1
  • C:\Windows\Sysmon64.exe100%
User context0

Not observed.

Integrity level0

Not observed.

Instances1
  • 1100%
Session1
  • Session 0100%
Token privileges17
  • SeTimeZonePrivilege100%
  • SeCreatePagefilePrivilege100%
  • SeSecurityPrivilege100%
  • SeTcbPrivilege100%
  • SeCreateGlobalPrivilege100%

Ancestry

Parents0

Not observed.

Children0

Not observed.

Grandparents0

Not observed.

Grandchildren0

Not observed.

Behavior

Loaded modules0

Not observed.

Named pipes0

Not observed.

Process handles0

Not observed.

Command-line patterns0

Not observed.

Indicators

Hashes

Not observed.

Analysis

About this process

No analyst write-up yet.

Security notes

No analyst write-up yet.

Anomaly signals

None defined yet.

Telemetry

OS prevalence1
  • Microsoft Windows 11 Enterprise Evaluation100%
Observation timeline
First seen
2026-06-08
Last seen
2026-06-08
Machines
1

Subsearch

Hasbeen seen inof sysmon64.exe?
Edit this page on GitHub