In this lab, you will explore the processes, threads, and handles using Process Explorer in the SysInternals Suite. You will also use the Windows Registry to change a setting.

In this part, you will explore processes. Processes are programs or applications in execution. You will explore the processes using Process Explorer in the Windows SysInternals Suite. You will also start and observe a new process.

Step 1: Download Windows SysInternals Suite.

a. Navigate to the following link to download Windows SysInternals Suite:

b. After the download is completed, extract the files from the folder.

c. Leave the web browser open for the following steps.

a. Navigate to the SysinternalsSuite folder with all the extracted files.

b. Accept the Process Explorer License Agreement when prompted.

c. The Process Explorer displays a list of currently active processes.

d. To locate the web browser process, drag the Find Window's Process icon into the opened web browser window. Microsoft Edge was used in this example.

e. The Microsoft Edge process can be terminated in the Process Explorer. Right-click the selected process and select Kill Process. What happened to the web browser window when the process is killed?

a. (Start > search Command Prompt > select Command Prompt)

b. Drag the Find Window's Process icon into the Command Prompt window and locate the highlighted Command Prompt process in Process Explorer.

c. The process for the Command Prompt is cmd.exe. Its parent process is the explorer.exe process. The cmd.exe process has a child process, conhost.exe.

d. Start a ping at the prompt and observe the changes under the cmd.exe process.

A child process PING.EXE is listed under cmd.exe during the ping process.

e. As you review the list of active processes, you find that the child process conhost.exe may be suspicious. To check for malicious content, right-click conhost.exe and select Check VirusTotal. When prompted, click Yes to agree to VirusTotal Terms of Service. Expand the Process Explorer window or scroll to the right until you see the VirusTotal column. Click the link under the VirusTotal column. The default web browser opens with the results regarding the malicious content of conhost.exe. Right-click the cmd.exe process and select Kill Process. What happened to the child process conhost.exe? The child process depends on the parent process.
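The parent and child relationships this lab observes in Process Explorer (explorer.exe, cmd.exe, conhost.exe, PING.EXE) can also be listed from PowerShell. The script below is an added example, not part of the original lab; the function name Show-ProcessTree is hypothetical, while Get-CimInstance and the Win32_Process class are standard Windows components.

```powershell
# Added example: print each cmd.exe with its parent and its child processes,
# the same view Process Explorer gives in the lab.
$all = Get-CimInstance -ClassName Win32_Process

# Index every process under its recorded parent PID.
$byParent = @{}
foreach ($p in $all) {
    $key = [uint32]$p.ParentProcessId
    if (-not $byParent.ContainsKey($key)) { $byParent[$key] = @() }
    $byParent[$key] += $p
}

function Show-ProcessTree {
    param(
        [Parameter(Mandatory)] $Process,
        [int] $Depth = 0
    )
    '{0}{1} (PID {2})' -f ('  ' * $Depth), $Process.Name, $Process.ProcessId

    foreach ($child in $byParent[[uint32]$Process.ProcessId]) {
        # Windows reuses PIDs and never updates ParentProcessId after the
        # parent exits. A process created before its recorded parent only
        # shares a recycled PID with it and is not a real child.
        if ($child.CreationDate -ge $Process.CreationDate) {
            Show-ProcessTree -Process $child -Depth ($Depth + 1)
        }
    }
}

foreach ($cmd in $all | Where-Object Name -eq 'cmd.exe') {
    # Resolve the parent, applying the same PID-reuse check in reverse.
    $parent = $all |
        Where-Object { $_.ProcessId -eq $cmd.ParentProcessId -and
                       $_.CreationDate -le $cmd.CreationDate } |
        Select-Object -First 1
    'Parent: {0}' -f $(if ($parent) { $parent.Name } else { '<exited>' })
    Show-ProcessTree -Process $cmd
    ''
}
```

Run it once with a Command Prompt idle and once while a ping is in progress to compare the children listed under cmd.exe.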