CLH-004

Process Investigation

[ALERT] Anomalous system activity detected
[SYSTEM] Process snapshot captured to analysis directory
> Mission: Identify the suspicious process consuming abnormal resources

CURRENT OBJECTIVE

THREAT BRIEFING

Situation

System monitoring has detected abnormal CPU and memory usage. A process snapshot has been captured for your analysis.

Your mission: Identify the rogue process hiding among legitimate system processes.

Process Analysis Techniques

When hunting malicious processes, look for:

  • Unknown names - processes with generic or suspicious names
  • High resource usage - unusual CPU or memory consumption
  • Strange PIDs - PIDs that don't match expected ranges

grep for Process Hunting

$ grep "unknown" processes.txt
    Find processes with "unknown" in the name

$ grep -v "^#" file.txt
    Exclude comment lines

THREAT INDICATOR:

The malicious process is likely consuming between 5% and 10% of CPU and memory - high enough to be suspicious, low enough to avoid automated detection.

PRO TIP:

Real malware often uses innocent-sounding names. Look for processes that don't belong in the normal process list.
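
The indicators above combined into one filter, as an added example that is not part of the original lab. It assumes a snapshot with the columns USER PID %CPU %MEM COMMAND; the sample rows and the baseline name list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample snapshot. The column layout (USER PID %CPU %MEM COMMAND)
# is an assumption; the lab's real processes.txt may be laid out differently.
make_sample() {
cat <<'EOF'
# process snapshot (constructed sample data)
# USER PID %CPU %MEM COMMAND
root 1 0.1 0.3 systemd
root 412 0.0 0.1 sshd
www-data 733 12.4 3.1 nginx
mysql 901 7.9 22.5 mysqld
root 1033 0.2 0.4 cron
nobody 31337 7.2 6.8 sysupdate
operator 2210 0.5 0.2 bash
EOF
}

# Hypothetical baseline: process names expected in the normal process list.
BASELINE="systemd sshd nginx mysqld cron bash"

# hunt LOW HIGH
# Reads a snapshot on stdin and prints "PID COMMAND %CPU %MEM" for rows where
# CPU and memory are both inside [LOW, HIGH] and the name is not in BASELINE.
hunt() {
    grep -v '^#' | awk -v lo="$1" -v hi="$2" -v base="$BASELINE" '
        BEGIN {
            # Load the baseline names into a lookup table.
            n = split(base, names, " ")
            for (i = 1; i <= n; i++) known[names[i]] = 1
        }
        # Skip short or blank rows, apply the resource band, then the name check.
        NF >= 5 && $3 + 0 >= lo && $3 + 0 <= hi &&
        $4 + 0 >= lo && $4 + 0 <= hi && !($5 in known) {
            print $2, $5, $3, $4
        }'
}

# The 5-10% band from the threat indicator above.
make_sample | hunt 5 10
```

In the sample, nginx and mysqld show high usage in one column but are in the baseline and outside the band in the other column, so only the unlisted process that sits in the band for both CPU and memory is reported.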