Common Processes: Windows

MoUsoCoreWorker.exe
- Seen a lot in alerts- backup update orchestrator in Win10, primary update orchestrator in Win11.
- C:\Windows\UUS\adm64\MoUsoCoreWorker.exe
reg.exe
- Windows Registry Editor
- C:\Windows\system32\reg.exe
smss.exe
- Session manager subsystem, often launches winlogon and csrss.exe
- C:\Windows\System32\smss.exe
wininit.exe
- Windows startup application
wmiprvse.exe
- Windows process for updates and general management
- Windows\System32\wbem\wmiprvse.exe
- can be associated with unsecapp.exe

Last updated 10 months ago