Untitled

a guest
Mar 31st, 2020
31 volatility -f memdump.mem imageinfo
32 volatility -f memdump.mem imageinfo
33 volatility -f memdump.mem --profile Win7SP1x64 pslist
34 volatility -f memdump.mem --profile Win7SP1x64 pslist
35 volatility -f memdump.mem --profile Win7SP1x64 pstree
36 volatility -f memdump.mem --profile Win7SP1x64 psxview
37 volatility -f memdump.mem --profile Win7SP1x64 dlllist -p 1900
38 volatility -f memdump.mem --profile Win7SP1x64 ldrmodules -p 1900
39 volatility -f memdump.mem --profile Win7SP1x64 handles -p 1900
40 volatility -f memdump.mem --profile Win7SP1x64 mutantscan -p 1900
41 volatility -f memdump.mem --profile Win7SP1x64 mutant -p 1900
42 volatility -f memdump.mem --profile Win7SP1x64 mutant
43 volatility -f memdump.mem --profile Win7SP1x64 mutants
44 volatility -f memdump.mem --profile Win7SP1x64 mutantscan
45 volatility -f memdump.mem --profile Win7SP1x64 hivedump
46 volatility -f memdump.mem --profile Win7SP1x64 hivelist
47 volatility -f memdump.mem --profile Win7SP1x64 hashdump -y 0xfffff8a000024010 -s 0xfffff8a001b5e410
48 volatility -f memdump.mem --profile Win7SP1x64 netscan
49 volatility -f memdump.mem --profile Win7SP1x64 consoles
50 volatility -f memdump.mem --profile Win7SP1x64 consoles
51 volatility -f memdump.mem --profile Win7SP1x64 cmdscan
52 volatility -f memdump.mem --profile Win7SP1x64 cmdscans
53* volatility -
54 volatility -f memdump.mem --profile Win7SP1x64 consoles
55 volatility -f memdump.mem --profile=Win7SP1x64 consoles
56 volatility -f memdump.mem --profile=Win7SP1x64 cmdscan
57 volatility -f memdump.mem --profile=Win7SP1x64 pslist
58 volatility -f memdump.mem --profile=Win7SP1x64 memdump -D ./ -p 1368
59 ll
60 strings 1368.dmp
61 volatility -f memdump.mem --profile=Win7SP1x64 procmemdump -D ./ -p 1368
62 volatility -f memdump.mem --profile=Win7SP1x64 procdump -D ./ -p 1368
63 file executable.1368.exe
64 volatility -f memdump.mem --profile=Win7SP1x64 pslist
65 volatility -f memdump.mem --profile=Win7SP1x64 iehistory
66 volatility -f memdump.mem --profile=Win7SP1x64 malfind
67 history