WinProcs is a list of known Windows processes and their expected characteristics for you to compare them with what you see during digital forensics.
This was inspired by the GTFOBins project for Windows. Initial data taken from SANS poster - “Find Evil - Know Normal”.
Instruction on how to contribute is available here.
| Process | Characteristics |
|---|---|
| RuntimeBroker.exe | |
| System | |
| csrss.exe | |
| dllhost.exe | |
| explorer.exe | |
| lsaiso.exe | |
| lsass.exe | |
| rundll32.exe | |
| services.exe | |
| smss.exe | |
| svchost.exe | |
| taskhostw.exe | |
| wininit.exe | |
| winlogon.exe | |
| No process matches... | |