Exam CS0-002 topic 1 question 314 discussion

There's 2 things odd about paint.exe - 1stly it's running under the SYSTEM account, 2ndly the amount of CPU time it has consumed.

I get it that VSCode is using a ton of memory but that’s actually not entirely surprising considering that it runs on a framework build from chromium. We all know how much chromium based apps love to devour memory. Plus there are numerous addons that can be running on this particular system so the 1.2gb or whatever that translates to isn’t completely alarming (to me). Now the fact that someone has opened and used paint at all, let alone for 6 hours is alarming enough for me to raise concerns haha. But really, that coupled with the 0.85gb or 2/3 the amount of memory that VS is using? Paint is a Windows native program that doesn’t require the use of third party, memory eating, underlying platforms. It’s also being ran under SYSTEM which is yet another red flag. Three strikes and your out paint.exe…

It's B...high memory usage

Agreed with comments re vscode.

LMFAO Paint bruh.

I have vscode open on my system all day long. Even with lots of tabs it never uses that much memory. Given that it's used not just for coding, but has built-in methods for running code in an integrated shell - that's the first place you should look. All the other behaviors are actually very normal. Paint.exe seemed a bit odd to me at first because of the file size, but it's feasible that someone would put a 90 MB image through paint. (depending on the file format / compression).

Vscode.exe*32, which is the executable file for Visual Studio Code, is a text editor that is commonly used for coding. The "*32" indicates that it is running as a 32-bit process. In this case, the high memory usage of vscode.exe*32 (1302103K) is an indicator of a possible compromise because it is unusual for a text editor to consume that much memory. A process with high memory usage is indicative of either a resource leak, where the process is not releasing memory that is no longer needed, or malicious activity, such as running a cryptojacking script in the background.