Process Utilities Flashcards
What is Process Explorer
used for?
as an advanced task manager and process analyzer from the Windows Sysinternals suite
What does Process Explorer
allow admins to do?
examine running processes, their dependencies, handles, DLLs, and more
How is Process Explorer
helpful to threat hunters/incident responders?
helpful for identifying suspicious or malicious processes and their behavior: the process tree exposes odd parent/child relationships, image signatures can be verified (Options > Verify Image Signatures), and hashes can be submitted to VirusTotal (Options > VirusTotal.com)
What is Autoruns
used for?
view detailed information about autostart entries and manage them on a Windows system (manage and control what runs automatically)
What are autostart entries
on a Windows system?
programs, scripts, drivers, and services that automatically launch when the operating system starts or when a user logs in, e.g. the Run/RunOnce registry keys, services and drivers, scheduled tasks, Winlogon and Explorer shell extensions, and other locations Autoruns enumerates
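Added example, not from the original deck or from Sysinternals: a triage script for an Autoruns CSV export (as produced by `autorunsc -c -v`). The column names ("Entry Location", "Entry", "Enabled", "Signer", "Image Path", "Launch String", ...) are assumed to match that export, and the sample rows are constructed, not taken from a real system. It flags entries whose image is not verified-signed, lives in a user-writable path, or launches a script host with an encoded command line, which is the hand triage an analyst does in the Autoruns GUI.

```python
"""Flag suspicious autostart entries in an Autoruns CSV export (autorunsc -c -v)."""
import csv
import io

# Constructed sample in the column layout assumed for autorunsc -c -v output.
# Not a real export; the Updater and OneDriveHelper rows are made-up suspects.
SAMPLE_AUTORUNS_CSV = r"""Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,System-wide,Windows Security notification icon,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\securityhealthsystray.exe,10.0.19041.1,%windir%\system32\SecurityHealthSystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,Logon,alice,,(Not verified) Acme,Acme,c:\users\alice\appdata\roaming\updater.exe,1.0.0.0,"C:\Users\alice\AppData\Roaming\updater.exe"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OneDriveHelper,enabled,Logon,alice,Windows PowerShell,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\windowspowershell\v1.0\powershell.exe,10.0.19041.1,"powershell.exe -w hidden -enc SQBFAFgA"
Task Scheduler,\Microsoft\Windows\Defrag\ScheduledDefrag,enabled,Scheduled Tasks,System-wide,Microsoft Disk Defragmenter,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\defrag.exe,10.0.19041.1,%windir%\system32\defrag.exe -c -h -k -g -$
"""

# Script/LOLBin hosts that rarely belong in an autostart entry on their own.
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe")
# Path fragments for locations a normal user can write to (matched lowercase).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_autoruns_csv(text):
    """Rows of the export as dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff\r\n"))))


def entry_findings(entry):
    """Reasons an autostart entry deserves a closer look (empty list = nothing flagged).

    These are triage heuristics, deliberately noisy; a hit is a reason to
    inspect the entry, not a verdict.
    """
    reasons = []
    if entry.get("Enabled", "").lower() != "enabled":
        return reasons  # disabled entries don't run
    signer = entry.get("Signer", "")
    image = entry.get("Image Path", "").lower()
    launch = entry.get("Launch String", "").lower()
    if not signer.startswith("(Verified)"):
        reasons.append("unsigned or unverifiable image: " + (signer or "no signer"))
    if any(marker in image for marker in USER_WRITABLE):
        reasons.append("image in user-writable location")
    if image.rsplit("\\", 1)[-1] in SCRIPT_HOSTS and launch:
        reasons.append("script host launched from autostart: " + launch)
    if "-enc" in launch or "-encodedcommand" in launch or "frombase64string" in launch:
        reasons.append("encoded/obfuscated command line")
    return reasons


def triage_autoruns(text):
    """Map 'Entry Location\\Entry' to its findings, for entries with at least one."""
    results = {}
    for entry in parse_autoruns_csv(text):
        reasons = entry_findings(entry)
        if reasons:
            results[entry["Entry Location"] + "\\" + entry["Entry"]] = reasons
    return results


if __name__ == "__main__":
    for key, reasons in triage_autoruns(SAMPLE_AUTORUNS_CSV).items():
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run it against a real export with `triage_autoruns(open("autoruns.csv", encoding="utf-8-sig").read())`; the signed Microsoft rows drop out and only the two constructed suspects remain.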
What is Process Monitor (Procmon)
used for?
real-time monitoring and detailed logging of system and process activity on Windows systems
Which tool can be used to trace the sequence of events leading to errors or unexpected behavior?
Procmon
How can Procmon be used to identify malware and suspicious activity?
helps spot unusual or unauthorized file, registry, process/thread, and network operations (e.g. writes to Run keys, drops into Temp or AppData, connections to unexpected hosts); filter on the suspect PID or process name to cut the noise
Which tool can be used to see which processes are making network connections and the details of those connections?
Procmon (logs TCP/UDP events over time; Process Explorer's TCP/IP tab shows only the current connections of a selected process)
What is PsExec
used for?
execute processes and run commands on remote computers in a network; it copies its service binary (PSEXESVC) to the target's ADMIN$ share over SMB and starts it as a service, which is why attackers use it for lateral movement and why a PSEXESVC service installation (System event ID 7045) is a common indicator
What kind of remote administrative tasks can be done with PsExec?
- running system utilities and diagnostic tools
- installing or updating software
- managing services and processes
- configuring network settings
- initiating remote command shells (cmd.exe) for interactive sessions
Which tool will show temporary files or registry modifications that malware creates, for example, files or registry keys created and then removed during the life of the malware execution?
Procmon
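Added example, not from the original deck or from Sysinternals, covering the three Procmon cards above (malware triage, per-process network connections, and files or keys created and then removed). It parses a Procmon CSV export (File > Save... > CSV) and assumes the default column set "Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"; the deletion detail text ("Delete: True") is assumed from the SetDispositionInformationFile event. The sample rows are constructed, not a real capture.

```python
"""Triage a Process Monitor (Procmon) CSV export for common malware tells."""
import csv
import io
from collections import defaultdict

# Constructed sample in the default column layout of Procmon's File > Save... > CSV
# ("Time of Day","Process Name","PID","Operation","Path","Result","Detail").
# Not a real capture: the process, paths and endpoint are made up for the demo.
SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0001","updater.exe","4120","CreateFile","C:\Users\alice\AppData\Local\Temp\stage1.tmp","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"10:01:02.0002","updater.exe","4120","WriteFile","C:\Users\alice\AppData\Local\Temp\stage1.tmp","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.0003","updater.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 58, Data: C:\Users\alice\AppData\Roaming\updater.exe"
"10:01:02.0004","updater.exe","4120","TCP Connect","host.local:49711 -> 203.0.113.9:8443","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:01:02.0005","updater.exe","4120","SetDispositionInformationFile","C:\Users\alice\AppData\Local\Temp\stage1.tmp","SUCCESS","Delete: True"
"10:01:03.0000","notepad.exe","2210","CreateFile","C:\Users\alice\notes.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"""

# Registry paths that give a program a foothold at logon (matched against the lowercased path).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def parse_procmon_csv(text):
    """Rows of a Procmon CSV export as dicts keyed by column name."""
    # Strip a leading BOM/newline so the header row is read correctly.
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff\r\n"))))


def find_transient_files(rows):
    """(process, pid, path) for files created and later marked for deletion in the capture.

    On the live system such a file is already gone; only the event log shows it
    existed. Deletion is assumed to appear as SetDispositionInformationFile (or
    the newer SetDispositionInformationEx) with a 'Delete: True' style detail.
    """
    created = set()
    transient = []
    for r in rows:
        key = (r["Process Name"], r["PID"], r["Path"])
        if r["Operation"] == "CreateFile" and "Disposition: Create" in r["Detail"]:
            created.add(key)
        elif (r["Operation"].startswith("SetDispositionInformation")
              and ("Delete: True" in r["Detail"] or "FILE_DISPOSITION_DELETE" in r["Detail"])
              and key in created):
            transient.append(key)
    return transient


def find_persistence_writes(rows):
    """RegSetValue events that land under a Run/RunOnce key."""
    return [(r["Process Name"], r["Path"], r["Detail"]) for r in rows
            if r["Operation"] == "RegSetValue"
            and any(m in r["Path"].lower() for m in RUN_KEY_MARKERS)]


def network_connections_by_process(rows):
    """Remote endpoints each process talked to; Procmon formats Path as 'local -> remote'."""
    conns = defaultdict(set)
    for r in rows:
        if r["Operation"] in ("TCP Connect", "UDP Send"):
            conns[(r["Process Name"], r["PID"])].add(r["Path"].split("->")[-1].strip())
    return {proc: sorted(remotes) for proc, remotes in conns.items()}


def triage(text):
    """Run all three checks over one export and return them in a single report."""
    rows = parse_procmon_csv(text)
    return {
        "transient_files": find_transient_files(rows),
        "persistence_writes": find_persistence_writes(rows),
        "connections": network_connections_by_process(rows),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_CSV).items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

On a real export, read the file with `encoding="utf-8-sig"` and pass the text to `triage()`; filtering the capture to the suspect process before saving keeps the CSV small enough to work with.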
What kind of process details does Process Explorer allow admins to inspect?
- associated services
- current TCP/IP connections of the process (TCP/IP tab)
- handles such as files or directories opened
- DLLs and memory-mapped files loaded