Which of the following processes should be prioritized for examination during live response?
The most suspicious process to prioritize for examination during live response is notepad.exe. Notepad is a simple text editor and does not typically create network connections, especially to external IP addresses. In the given output, notepad.exe has an established TCP connection to a remote IP address (3.15.24.17) on port 80, which is commonly used for HTTP (unencrypted web traffic). This unusual behavior suggests that notepad.exe might be compromised or being used for malicious activities, warranting further investigation.
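The triage reasoning in that answer (unexpected image holding an established external connection, on an unencrypted port) can be expressed as a small check over connection data. The following is an added example, not part of the original answer or exam material; the netstat-style sample, the simplified six-column layout and the `NO_NETWORK_EXPECTED` baseline are all constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in a simplified "netstat -ano" plus image-name layout (not
# real tool output): proto, local address, foreign address, state, pid, image.
SAMPLE = """\
TCP 192.168.1.20:49812 3.15.24.17:80 ESTABLISHED 4120 notepad.exe
TCP 192.168.1.20:49801 142.250.80.46:443 ESTABLISHED 2288 chrome.exe
TCP 192.168.1.20:49802 142.250.80.47:443 ESTABLISHED 2288 chrome.exe
TCP 127.0.0.1:49700 127.0.0.1:49701 ESTABLISHED 3390 notepad.exe
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 System
"""

# Assumed baseline: images that normally have no reason to hold an outbound
# connection. A real baseline comes from the environment, not this list.
NO_NETWORK_EXPECTED = {"notepad.exe", "calc.exe", "mspaint.exe"}

@dataclass
class Conn:
    proto: str
    local: str
    remote_ip: str
    remote_port: int
    state: str
    pid: int
    image: str

def parse(text):
    """Parse the simplified layout into Conn records; skips malformed lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        proto, local, foreign, state, pid, image = parts
        ip, _, port = foreign.rpartition(":")
        conns.append(Conn(proto, local, ip.strip("[]"), int(port), state, int(pid), image.lower()))
    return conns

def triage(conns):
    """Return (image, pid, remote, reason) tuples, most suspicious first."""
    findings = []
    for c in conns:
        remote = ipaddress.ip_address(c.remote_ip)
        # Only established sessions to non-local hosts are of interest here.
        if c.state != "ESTABLISHED" or remote.is_private or remote.is_loopback:
            continue
        reasons = []
        if c.image in NO_NETWORK_EXPECTED:
            reasons.append("image not expected to make network connections")
        if c.remote_port == 80:
            reasons.append("unencrypted HTTP to external host")
        if reasons:
            findings.append((c.image, c.pid, f"{c.remote_ip}:{c.remote_port}", "; ".join(reasons)))
    return sorted(findings, key=lambda f: f[3].count(";"), reverse=True)
```

Running `triage(parse(SAMPLE))` flags only the notepad.exe session to 3.15.24.17:80; the Chrome HTTPS sessions and the loopback notepad.exe connection are left alone.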
C. Notepad is a text editor that is not able to create connections. But on this screenshot it has an established connection to an (unencrypted) web port. As Chrome is a browser that has only HTTPS connections established, I do not see any reason why this is suspicious.
Notepad is the most suspicious.