🌳 Process Tree
🎯 Process Analysis Dashboard
Click on any process in the tree to view comprehensive analysis including legitimate usage patterns, suspicious indicators, and associated MITRE ATT&CK techniques.
This reference tool helps identify normal vs. abnormal process behaviors in Windows environments.
🔍 Advanced Search Features:
- Process Names: Exact, starts with, or contains (e.g., "lsass.exe", "svchost")
- MITRE ATT&CK TTPs: Exact or partial TTP matches (e.g., "T1055", "T1055.012")
- Descriptions & Purpose: Search process descriptions and purposes
- File Locations: Search by process file paths (e.g., "system32", "windows")
- Usage & Indicators: Search legitimate usage and suspicious indicators
- Startup Order: Search by boot sequence (e.g., "order 1", "order 2")
- Instance Type: Search "single instance" or "multiple instance" processes
- Fuzzy Search: Intelligent matching for typos and partial queries
- Smart Ranking: Results ranked by relevance and match type
- Real-time Results: Instant search with keyboard navigation
🔍 Quick Reference
Normal Boot Sequence:
- System (PID 4) → smss.exe
- smss.exe → csrss.exe + wininit.exe
- wininit.exe → services.exe + lsass.exe
- csrss.exe → winlogon.exe
- winlogon.exe → userinit.exe → explorer.exe
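The parent-child pairs in the Quick Reference can be applied as a baseline check. The following is an added example, not the dashboard's own code: it parses the arrow notation above into an expected-parent map and evaluates a constructed process snapshot. The function names, verdict strings and sample PIDs are assumptions.

```python
import re

# Parent -> child pairs copied from the Quick Reference list above.
BOOT_SEQUENCE = """\
System (PID 4) → smss.exe
smss.exe → csrss.exe + wininit.exe
wininit.exe → services.exe + lsass.exe
csrss.exe → winlogon.exe
winlogon.exe → userinit.exe → explorer.exe
"""

def expected_parents(text):
    """Parse 'A → B + C' and 'A → B → C' lines into {child: parent}."""
    parents = {}
    for line in text.splitlines():
        # Drop annotations such as "(PID 4)" and normalise case.
        chain = [re.sub(r"\s*\(.*?\)", "", hop).strip().lower() for hop in line.split("→")]
        for parent, children in zip(chain, chain[1:]):
            for child in children.split("+"):
                parents[child.strip()] = parent
    return parents

def check_lineage(processes, baseline):
    """Return (pid, image, verdict) for each process the baseline covers."""
    image_of = {pid: image.lower() for pid, _, image in processes}
    findings = []
    for pid, ppid, image in processes:
        image = image.lower()
        if image not in baseline:
            continue
        parent = image_of.get(ppid)
        if parent is None:
            verdict = "parent-exited"  # PPID does not resolve; cannot confirm
        elif parent == baseline[image]:
            verdict = "ok"
        else:
            verdict = "unexpected-parent:" + parent
        findings.append((pid, image, verdict))
    return findings

# Constructed snapshot of (pid, ppid, image); not taken from a real host.
SNAPSHOT = [
    (4, 0, "System"),
    (340, 4, "smss.exe"),
    (512, 340, "wininit.exe"),
    (652, 512, "lsass.exe"),
    (4120, 3980, "explorer.exe"),  # recorded parent is no longer running
    (5208, 4120, "lsass.exe"),     # parent differs from the baseline
]

if __name__ == "__main__":
    print(*check_lineage(SNAPSHOT, expected_parents(BOOT_SEQUENCE)), sep="\n")
```

A `parent-exited` verdict means the recorded parent PID no longer maps to a running process, so the pair cannot be confirmed from the snapshot alone.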