I am trying to build an anomaly detection system for ransomware and one of the features that I want to use is the number of calls that a process makes to certain Windows APIs, such as calls that are done when a process is encrypting a file.

Is there any tool that shows which API calls a process made? If I could export that capture in a format such as CSV, that would be even better.

I came across the procmon tool, but it doesn't give a lot of information and does not include the APIs I want (such as encryption APIs). I also found winapioverride, but it's paid.

  • There is no official Win32 API for monitoring API calls. However, there are several 3rd party API monitor tools. Search around. Asking for specific recommendations is [off-topic](https://stackoverflow.com/help/on-topic) for StackOverflow. – Remy Lebeau Mar 07 '23 at 01:49
