Core Windows Processes

Explore the core processes within a Windows operating system and understand what is normal behaviour. This foundational knowledge will help you identify malicious processes running on an endpoint!

Task 2:

Task Manager is a built-in GUI-based Windows utility that allows users to see what is running on the Windows system.

Necessary tools for monitoring:

  • Process Hacker

  • Task Manager (built into Windows)

Important point: PID

  • PID stands for Process Identifier

  • Windows assigns a unique number when a process starts

  • A single program can run multiple processes, each with a different PID.

  • PID for 'System' is always 4
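
The PID points above can be turned into a quick triage check. The following is an added example, not part of the original notes: it parses a constructed sample in the CSV format of `tasklist /FO CSV /NH`, groups PIDs by image name, and flags any process named 'System' whose PID is not 4. The function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the format of `tasklist /FO CSV /NH` (not real output).
SAMPLE_TASKLIST = '''\
"System Idle Process","0","Services","0","8 K"
"System","4","Services","0","140 K"
"svchost.exe","812","Services","0","12,304 K"
"svchost.exe","1044","Services","0","9,876 K"
"chrome.exe","5120","Console","1","150,112 K"
"chrome.exe","5388","Console","1","88,420 K"
"System","6124","Console","1","3,212 K"
'''

SYSTEM_PID = 4  # per the notes above: the PID for 'System' is always 4


def parse_tasklist(text):
    """Return a list of (image_name, pid) tuples from tasklist CSV text."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed lines
        rows.append((row[0].strip(), int(row[1])))
    return rows


def pids_by_image(rows):
    """Group PIDs by image name: one program, several processes."""
    groups = defaultdict(list)
    for name, pid in rows:
        groups[name.lower()].append(pid)
    return dict(groups)


def suspicious_system(rows):
    """Processes named 'System' whose PID is not 4."""
    return [(n, p) for n, p in rows if n.lower() == "system" and p != SYSTEM_PID]


if __name__ == "__main__":
    procs = parse_tasklist(SAMPLE_TASKLIST)
    for name, pids in pids_by_image(procs).items():
        print(f"{name}: {pids}")
    for name, pid in suspicious_system(procs):
        print(f"ALERT: '{name}' running with PID {pid}, expected {SYSTEM_PID}")
```
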

Task 3:
