When you first open Process Explorer, there’s a lot of information on screen and it can look overwhelming. Don’t panic. Here’s what everything is.
In the top half of the main window, you’ll see a list of processes. This shouldn’t be completely unfamiliar if you’ve used the Details tab in Task Manager (aka the Processes tab in Windows XP and earlier). It lists the process name, the process description, CPU and memory usage, and the company name of the software’s creator – something that’s very useful when you’re malware hunting. You can customise your columns to include more or less information by right-clicking on the column heading, just like any other program with sortable columns.
The processes are presented hierarchically, which means if a process spawns another process, the child process will be listed nested underneath the parent. If you’d prefer an alphabetical listing instead, just click the ‘process name’ column heading. This list is constantly updating, but if you want to freeze it in time – say, to examine a process that appears and disappears quicker than you can click on it – you can hit the space bar to pause the updates.
There’s a lot more information here – the scrolling line charts at the top of the window, the colour codes, the lower pane showing DLLs and handles – but for now let’s focus on the process list.