Module processes

Constants

KNOWN_MALWARE_PROCESS_NAMES
Well-known malware / offensive-tool process names.
WINDOWS_MASQUERADE_TARGETS
Legitimate Windows process names commonly masqueraded by attackers.

Functions

is_known_malware_process
Returns true if name matches a known malware process name (case-insensitive).
is_masquerade_target
Returns true if name is a high-value masquerade target (case-insensitive).