Volatility Foundation Volatility Framework 2.6Offset(V) Name

1. Volatility Foundation Volatility Framework 2.6
2. Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
3. ------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
4. 0xffffbd85220b8040 System 4 0 100 0 ------ 0 2018-08-30 12:41:02 UTC+0000
5. 0xffffbd8526fd7040 smss.exe 260 4 2 0 ------ 0 2018-08-30 12:41:02 UTC+0000
6. 0xffffbd85276d0080 csrss.exe 360 340 10 0 0 0 2018-08-30 12:41:05 UTC+0000
7. 0xffffbd8527e22080 smss.exe 420 260 0 -------- 1 0 2018-08-30 12:41:05 UTC+0000
8. 0xffffbd8527e1f080 wininit.exe 428 340 1 0 0 0 2018-08-30 12:41:05 UTC+0000
9. 0xffffbd8527e1b4c0 csrss.exe 436 420 12 0 1 0 2018-08-30 12:41:05 UTC+0000
10. 0xffffbd8527ee1080 winlogon.exe 512 420 5 0 1 0 2018-08-30 12:41:05 UTC+0000
11. 0xffffbd8527f19080 services.exe 544 428 11 0 0 0 2018-08-30 12:41:05 UTC+0000
12. 0xffffbd8527f0c800 lsass.exe 560 428 7 0 0 0 2018-08-30 12:41:05 UTC+0000
13. 0xffffbd8527e59800 svchost.exe 644 544 19 0 0 0 2018-08-30 12:41:05 UTC+0000
14. 0xffffbd8527fb75c0 svchost.exe 708 544 12 0 0 0 2018-08-30 12:41:05 UTC+0000
15. 0xffffbd8528007080 dwm.exe 804 512 12 0 1 0 2018-08-30 12:41:06 UTC+0000
16. 0xffffbd8527e4f800 svchost.exe 896 544 63 0 0 0 2018-08-30 12:41:06 UTC+0000
17. 0xffffbd8527e4b800 svchost.exe 928 544 19 0 0 0 2018-08-30 12:41:06 UTC+0000
18. 0xffffbd8527e49800 svchost.exe 940 544 23 0 0 0 2018-08-30 12:41:06 UTC+0000
19. 0xffffbd8528066440 svchost.exe 1016 544 22 0 0 0 2018-08-30 12:41:06 UTC+0000
20. 0xffffbd8528127080 svchost.exe 1032 544 26 0 0 0 2018-08-30 12:41:06 UTC+0000
21. 0xffffbd8528146640 vmacthlp.exe 1044 544 1 0 0 0 2018-08-30 12:41:06 UTC+0000
22. 0xffffbd852810b800 svchost.exe 1136 544 19 0 0 0 2018-08-30 12:41:06 UTC+0000
23. 0xffffbd8528154800 svchost.exe 1256 544 8 0 0 0 2018-08-30 12:41:06 UTC+0000
24. 0xffffbd85280f7800 svchost.exe 1340 544 7 0 0 0 2018-08-30 12:41:06 UTC+0000
25. 0xffffbd8527c4f080 spoolsv.exe 1484 544 11 0 0 0 2018-08-30 12:41:06 UTC+0000
26. 0xffffbd8527ce2800 svchost.exe 1832 544 13 0 0 0 2018-08-30 12:41:07 UTC+0000
27. 0xffffbd8527cb7700 MsMpEng.exe 1920 544 29 0 0 0 2018-08-30 12:41:07 UTC+0000
28. 0xffffbd85283d4800 svchost.exe 1976 544 12 0 0 0 2018-08-30 12:41:08 UTC+0000
29. 0xffffbd8527a1c5c0 vmtoolsd.exe 1988 544 9 0 0 0 2018-08-30 12:41:08 UTC+0000
30. 0xffffbd8527a41800 VGAuthService. 1996 544 2 0 0 0 2018-08-30 12:41:08 UTC+0000
31. 0xffffbd8527a46040 MemCompression 1308 4 44 0 ------ 0 2018-08-30 12:41:08 UTC+0000
32. 0xffffbd8527bf2800 dllhost.exe 2368 544 10 0 0 0 2018-08-30 12:41:08 UTC+0000
33. 0xffffbd8527a91800 msdtc.exe 2440 544 9 0 0 0 2018-08-30 12:41:08 UTC+0000
34. 0xffffbd8528597080 WmiPrvSE.exe 2492 644 11 0 0 0 2018-08-30 12:41:09 UTC+0000
35. 0xffffbd85285f0800 NisSrv.exe 2820 544 9 0 0 0 2018-08-30 12:41:10 UTC+0000
36. 0xffffbd8528975800 sihost.exe 1424 896 10 0 1 0 2018-08-30 12:42:24 UTC+0000
37. 0xffffbd85288d9800 svchost.exe 956 544 11 0 1 0 2018-08-30 12:42:24 UTC+0000
38. 0xffffbd85288d7800 taskhostw.exe 1268 896 15 0 1 0 2018-08-30 12:42:24 UTC+0000
39. 0xffffbd85288d1800 userinit.exe 3128 512 0 -------- 1 0 2018-08-30 12:42:24 UTC+0000
40. 0xffffbd85288d3800 RuntimeBroker. 3140 644 20 0 1 0 2018-08-30 12:42:24 UTC+0000
41. 0xffffbd85288cf800 explorer.exe 3184 3128 70 0 1 0 2018-08-30 12:42:24 UTC+0000
42. 0xffffbd85288d5800 ShellExperienc 3704 644 41 0 1 0 2018-08-30 12:42:26 UTC+0000
43. 0xffffbd8528795080 SearchUI.exe 3804 644 46 0 1 0 2018-08-30 12:42:26 UTC+0000
44. 0xffffbd8528c51800 TabTip.exe 4340 1016 12 0 1 0 2018-08-30 12:42:28 UTC+0000
45. 0xffffbd852894d080 SearchIndexer. 4428 544 24 0 0 0 2018-08-30 12:42:28 UTC+0000
46. 0xffffbd85220e1080 TabTip32.exe 4532 4340 1 0 1 1 2018-08-30 12:42:28 UTC+0000
47. 0xffffbd8528be3800 MSASCuiL.exe 2856 3184 3 0 1 0 2018-08-30 12:42:38 UTC+0000
48. 0xffffbd8528d9f5c0 vmtoolsd.exe 608 3184 9 0 1 0 2018-08-30 12:42:38 UTC+0000
49. 0xffffbd8528301080 svchost.exe 4312 544 10 0 0 0 2018-08-30 12:42:56 UTC+0000
50. 0xffffbd8528b80800 ManagementAgen 3928 544 8 0 0 0 2018-08-30 12:43:09 UTC+0000
51. 0xffffbd852903e080 dasHost.exe 5420 1016 3 0 0 0 2018-08-30 12:43:21 UTC+0000
52. 0xffffbd8528a0f600 OneDrive.exe 5616 4748 0 -------- 1 1 2018-08-30 12:43:24 UTC+0000
53. 0xffffbd85290c1800 OneDrive.exe 2092 3352 12 0 1 1 2018-08-30 12:45:20 UTC+0000
54. 0xffffbd8528268800 dllhost.exe 5556 644 7 0 1 0 2018-08-30 12:45:34 UTC+0000
55. 0xffffbd8528622080 ApplicationFra 4760 644 6 0 1 0 2018-08-30 12:45:37 UTC+0000
56. 0xffffbd8528f01080 MicrosoftEdge. 6112 644 25 0 1 0 2018-08-30 12:46:17 UTC+0000
57. 0xffffbd852554a800 browser_broker 4232 644 8 0 1 0 2018-08-30 12:46:17 UTC+0000
58. 0xffffbd8528263080 MicrosoftEdgeC 3972 3140 27 0 1 0 2018-08-30 12:46:18 UTC+0000
59. 0xffffbd8528f22380 InstallAgent.e 6004 644 4 0 1 0 2018-08-30 12:46:18 UTC+0000
60. 0xffffbd852258d800 smartscreen.ex 2928 644 9 0 1 0 2018-08-30 12:46:19 UTC+0000
61. 0xffffbd8522587800 MpCmdRun.exe 6064 5756 6 0 0 0 2018-08-30 12:46:20 UTC+0000
62. 0xffffbd8528b98480 taskhostw.exe 3248 896 6 0 1 0 2018-08-30 12:47:24 UTC+0000
63. 0xffffbd85225db800 cmd.exe 5964 3140 1 0 1 0 2018-08-30 12:50:41 UTC+0000
64. 0xffffbd852247b800 conhost.exe 4648 5964 4 0 1 0 2018-08-30 12:50:41 UTC+0000
65. 0xffffbd8528791080 cmd.exe 5200 3140 1 0 1 0 2018-08-30 12:50:49 UTC+0000
66. 0xffffbd8526dfc080 conhost.exe 2976 5200 3 0 1 0 2018-08-30 12:50:49 UTC+0000
67. 0xffffbd8527c79800 lsass.exe 1132 5964 1 0 1 1 2018-08-30 12:51:54 UTC+0000
68. 0xffffbd8528a98800 MicrosoftEdgeC 1508 3140 23 0 1 0 2018-08-30 12:52:17 UTC+0000
69. 0xffffbd8525567800 MicrosoftEdgeC 4840 3140 25 0 1 0 2018-08-30 12:52:25 UTC+0000
70. 0xffffbd8528a5e080 MicrosoftEdgeC 4484 3140 15 0 1 0 2018-08-30 12:52:26 UTC+0000
71. 0xffffbd85291f82c0 MicrosoftEdgeC 5996 3140 0 -------- 1 0 2018-08-30 12:54:14 UTC+0000
72. 0xffffbd85225c9800 MicrosoftEdgeC 1776 3140 24 0 1 0 2018-08-30 12:54:18 UTC+0000
73. 0xffffbd85272c2800 SearchProtocol 5840 4428 8 0 0 0 2018-08-30 12:54:34 UTC+0000
74. 0xffffbd8528955080 FlashUtil_Acti 4548 644 2 0 1 0 2018-08-30 12:56:04 UTC+0000
75. 0xffffbd852270c080 svchost.exe 1688 544 13 0 0 0 2018-08-30 12:56:06 UTC+0000
76. 0xffffbd8528ec9080 explorer.exe 4620 5200 1 0 1 1 2018-08-30 12:56:18 UTC+0000
77. 0xffffbd8522df8800 backgroundTask 676 644 16 0 1 0 2018-08-30 12:58:01 UTC+0000
78. 0xffffbd85271c1800 audiodg.exe 2880 1256 8 0 0 0 2018-08-30 12:59:50 UTC+0000
79. 0xffffbd8528ed6800 TabTip.exe 2996 1016 0 -------- 1 0 2018-08-30 12:59:51 UTC+0000
80. 0xffffbd85227105c0 cmd.exe 4100 3140 1 0 1 0 2018-08-30 12:59:51 UTC+0000
81. 0xffffbd8526c88800 conhost.exe 5708 4100 9 0 1 0 2018-08-30 12:59:51 UTC+0000
82. 0xffffbd85225e0080 WUDFHost.exe 4916 1016 12 0 0 0 2018-08-30 13:00:02 UTC+0000
83. 0xffffbd85229d7080 winpmem_1.6.0. 2752 4100 3 0 1 1 2018-08-30 13:00:34 UTC+0000