Event ID 5

Process terminated
Source:
Microsoft-Windows-Sysmon
Category:
Process terminated (rule: ProcessTerminate)
Process terminated:
    RuleName: %1!s!
    UtcTime: %2!s!
    ProcessGuid: %3!s!
    ProcessId: %4!s!
    Image: %5!s!
    User: %6!s!


The process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.


LEFT/RIGHT arrow keys for navigation

Back to List