Process Explorer is an excellent replacement for Task Manager. Malware running as Svchost.exe is a popular name and process to abuse for malware. Legitimate processes should be children of services. The color pink indicates that the process is a service (like our friend) The color purple in Process Explorer means that the files may be packed. The light blue processes are those run by the same account that started Process Explorer. The dark blue process is selected (by clicking or otherwise). The color green means the process was freshly spawned (just loaded). If you Suspend a process it will turn dark grey.”]
Source: https://blog.malwarebytes.com/101/2016/05/process-explorer-part-2/