Windows

I'm trying to know what is normal in windows 10 and 11 in order to know abnormal

These are some of the resources that I found extremely helpful when learning how the Windows Operating System works

• https://www.youtube.com/watch?v=dSEXLXURKGk&list=PLsoPy7S6vUtG-W6nqEDnZy090OUWtFXaR&index=3&ab_channel=TechsavvyProductions (This channel is gold TechSavy)

• https://0xcybery.github.io/blog/Core-Processes-In-Windows-System (Normal Process and Stuff) mostly the abnormal here is the image path if any Windows System Processes is not originated from C:\Windows\System32 and the running User is not SYSTEM then it is abnormal

Rundll32 Normal Behavior

Normal Path Should be:

\Windows\System32\rundll32.exe \Windows\SysWOW64\rundll32.exe (32bit version on 64bit systems)

Ref:

• https://www.tenforums.com/tutorials/77458-rundll32-commands-list-windows-10-a.html

• https://nasbench.medium.com/a-deep-dive-into-rundll32-exe-642344b41e90 (Read this first)

Windows 10 Startup

Windows Normal Connection

• https://learn.microsoft.com/en-us/windows/privacy/windows-endpoints-1903-non-enterprise-editions (You can learn which domain that windows normally connected to)