Investigating Windows 2.0 Tryhackme |verified| -

→ Look for odd processes in Task Manager or tasklist that don’t match known Windows binaries.

Or using PowerShell:

The first task provides an introduction to the challenge and gives you access to the compromised Windows 10 machine. You'll be given an IP address, which you'll use to connect to the machine via Remote Desktop Protocol (RDP). Make sure you have the necessary credentials, as provided by TryHackMe. investigating windows 2.0 tryhackme

Check PowerShell history. Each user has a console history: → Look for odd processes in Task Manager