3.2 Determining System Interaction with Process Monitor

Process Monitor (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx) is an advanced monitoring tool that shows the real-time interaction of the processes with the filesystem, registry, and process/thread activity.

When you run this tool (run as Administrator), you will immediately notice that it captures all the system events, as shown in the following screenshot. To stop capturing events, press Ctrl + E, and to clear all the captured events, press Ctrl + X. The following screenshot shows the activities captured by Process Monitor on a clean system:

From the events captured by Process Monitor, you can see that a lot of activity is generated even on a clean system. When performing malware analysis, you will only be interested in the activities produced by the malware. To reduce noise, you can use the filtering feature, which hides unwanted entries and allows you to filter on specific attributes. To access this feature, select the Filter menu and then click on Filter (or press Ctrl + L). In the following screenshot, the filter is configured to display only the events related to the process svchost.exe:
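The same noise reduction can be applied offline to a Process Monitor capture saved as CSV (File, Save, CSV format). The script below is an added example, not part of the original chapter or the Sysinternals tool: it reads a small, constructed sample in the column layout of a Process Monitor CSV export and emulates the filter dialog's "Process Name is svchost.exe" rule, so you can compare the event count before and after filtering and see which operations the remaining events perform.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in the column layout of a Process Monitor CSV export.
# The paths, PIDs and timestamps are made up for this example.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02.1001","svchost.exe","1234","RegOpenKey","HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip","SUCCESS","Desired Access: Read"
"9:01:02.1002","Explorer.EXE","2048","QueryDirectory","C:\\Users\\analyst\\Desktop","SUCCESS","Filter: *"
"9:01:02.1003","svchost.exe","1234","CreateFile","C:\\Windows\\System32\\drivers\\etc\\hosts","SUCCESS","Desired Access: Generic Read"
"9:01:02.1004","System","4","WriteFile","C:\\$LogFile","SUCCESS","Offset: 0, Length: 4,096"
"9:01:02.1005","svchost.exe","5678","Thread Create","","SUCCESS","Thread ID: 9999"
"9:01:02.1006","Procmon64.exe","3000","RegQueryValue","HKCU\\Software\\Sysinternals\\Process Monitor\\EulaAccepted","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"""


def load_events(csv_text):
    """Parse an exported capture into one dict per event, keyed by column header."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def filter_events(events, include=None, exclude=()):
    """Emulate the filter dialog: keep events whose Process Name is in `include`
    (if an include list is given) and drop those whose Process Name is in `exclude`.
    Names are compared case-insensitively."""
    inc = {p.lower() for p in include} if include else None
    exc = {p.lower() for p in exclude}
    kept = []
    for ev in events:
        name = ev["Process Name"].lower()
        if name in exc or (inc is not None and name not in inc):
            continue
        kept.append(ev)
    return kept


def operation_counts(events):
    """Summarise what the remaining events do (file, registry, thread activity)."""
    return Counter(ev["Operation"] for ev in events)


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print(f"{len(events)} events in the capture")
    svchost_only = filter_events(events, include=["svchost.exe"])
    print(f"{len(svchost_only)} events after 'Process Name is svchost.exe'")
    for op, n in operation_counts(svchost_only).items():
        print(f"  {op}: {n}")
    # Excluding the tool's own process and System is a common noise-reduction step.
    quieter = filter_events(events, exclude=["Procmon64.exe", "System"])
    print(f"{len(quieter)} events after excluding Procmon64.exe and System")
```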
