Study "normal" (based on what the student established with the first goal), using a Windows VM & OpenEDR data-set visualisation
Learn how to use Sysmon events to observe the various process behaviours, particularly those related to Payload Delivery & Code-Execution (as highlighted under the Tactics column above)