hiromu · November 23, 2013 12:58
diff --git a/volatility.txt b/volatility.txt
 Volatile Systems Volatility Framework 2.2
 Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                Exit                
 ---------- -------------------- ------ ------ ------ -------- ------ ------ -------------------- --------------------
 0x823c6660 System                    4      0     61      281 ------      0                                          
 0x81fcb020 smss.exe                548      4      3       19 ------      0 2013-06-30 09:22:16                      
 0x81f3e020 csrss.exe               672    548     12      370      0      0 2013-06-30 09:22:23                      
 0x820f3020 winlogon.exe            696    548     19      582      0      0 2013-06-30 09:22:23                      
 0x8205c020 services.exe            740    696     15      294      0      0 2013-06-30 09:22:23                      
 0x81fdc020 lsass.exe               752    696     20      359      0      0 2013-06-30 09:22:23                      
 0x820e97f0 vmacthlp.exe            940    740      1       25      0      0 2013-06-30 09:22:25                      
 0x8208d6e8 svchost.exe             956    740     16      207      0      0 2013-06-30 09:22:26                      
 0x81e5e020 svchost.exe            1004    740      8      296      0      0 2013-06-30 09:22:26                      
 0x82072da0 svchost.exe            1148    740     68     1388      0      0 2013-06-30 09:22:26                      
 0x820137a8 svchost.exe            1340    740      5       78      0      0 2013-06-30 09:22:26                      
 0x820e93c8 svchost.exe            1448    740     12      189      0      0 2013-06-30 09:22:28                      
 0x81ee2620 spoolsv.exe            1780    740     10      140      0      0 2013-06-30 09:22:29                      
 0x82164da0 explorer.exe           1828   1736     10      461      0      0 2013-06-30 09:22:29                      
 0x81f3d3b8 rundll32.exe            128   1828      4       74      0      0 2013-06-30 09:22:32                      
 0x81f3cc08 vmtoolsd.exe            140   1828      5      199      0      0 2013-06-30 09:22:32                      
 0x81e6cda0 svchost.exe             360    740      5      111      0      0 2013-06-30 09:22:44                      
 0x820f1c10 svchost.exe             396    740      5      105      0      0 2013-06-30 09:22:44                      
 0x81fcf4b8 vmtoolsd.exe            592    740      7      278      0      0 2013-06-30 09:22:45                      
 0x82230350 imapi.exe               516    740      4      118      0      0 2013-06-30 09:22:59                      
 0x821efc10 alg.exe                1428    740      6      110      0      0 2013-06-30 09:22:59                      
 0x821e7da0 wscntfy.exe            1572   1148      1       37      0      0 2013-06-30 09:23:00                      
 0x822c5980 wuauclt.exe            2140   1148      3      110      0      0 2013-06-30 09:24:03                      
 0x8215a648 rundll32.exe           3548   1828      0 --------      0      0 2013-10-17 21:58:10  2013-10-17 21:58:33 
 0x820a5c10 ctfmon.exe             2176    732      1       88      0      0 2013-10-17 22:42:46                      
 0x820ac5a0 cmd.exe                2504   1828      1       33      0      0 2013-10-17 22:44:26                      
 0x82101318 xchat.exe              3348   1828      3       92      0      0 2013-10-17 22:45:34                      
 0x822bf4d8 decryptpastebin        3292   2504      1       90      0      0 2013-10-17 23:18:43
	Volatile Systems Volatility Framework 2.2
	Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
	---------- -------------------- ------ ------ ------ -------- ------ ------ -------------------- --------------------
	0x823c6660 System 4 0 61 281 ------ 0
	0x81fcb020 smss.exe 548 4 3 19 ------ 0 2013-06-30 09:22:16
	0x81f3e020 csrss.exe 672 548 12 370 0 0 2013-06-30 09:22:23
	0x820f3020 winlogon.exe 696 548 19 582 0 0 2013-06-30 09:22:23
	0x8205c020 services.exe 740 696 15 294 0 0 2013-06-30 09:22:23
	0x81fdc020 lsass.exe 752 696 20 359 0 0 2013-06-30 09:22:23
	0x820e97f0 vmacthlp.exe 940 740 1 25 0 0 2013-06-30 09:22:25
	0x8208d6e8 svchost.exe 956 740 16 207 0 0 2013-06-30 09:22:26
	0x81e5e020 svchost.exe 1004 740 8 296 0 0 2013-06-30 09:22:26
	0x82072da0 svchost.exe 1148 740 68 1388 0 0 2013-06-30 09:22:26
	0x820137a8 svchost.exe 1340 740 5 78 0 0 2013-06-30 09:22:26
	0x820e93c8 svchost.exe 1448 740 12 189 0 0 2013-06-30 09:22:28
	0x81ee2620 spoolsv.exe 1780 740 10 140 0 0 2013-06-30 09:22:29
	0x82164da0 explorer.exe 1828 1736 10 461 0 0 2013-06-30 09:22:29
	0x81f3d3b8 rundll32.exe 128 1828 4 74 0 0 2013-06-30 09:22:32
	0x81f3cc08 vmtoolsd.exe 140 1828 5 199 0 0 2013-06-30 09:22:32
	0x81e6cda0 svchost.exe 360 740 5 111 0 0 2013-06-30 09:22:44
	0x820f1c10 svchost.exe 396 740 5 105 0 0 2013-06-30 09:22:44
	0x81fcf4b8 vmtoolsd.exe 592 740 7 278 0 0 2013-06-30 09:22:45
	0x82230350 imapi.exe 516 740 4 118 0 0 2013-06-30 09:22:59
	0x821efc10 alg.exe 1428 740 6 110 0 0 2013-06-30 09:22:59
	0x821e7da0 wscntfy.exe 1572 1148 1 37 0 0 2013-06-30 09:23:00
	0x822c5980 wuauclt.exe 2140 1148 3 110 0 0 2013-06-30 09:24:03
	0x8215a648 rundll32.exe 3548 1828 0 -------- 0 0 2013-10-17 21:58:10 2013-10-17 21:58:33
	0x820a5c10 ctfmon.exe 2176 732 1 88 0 0 2013-10-17 22:42:46
	0x820ac5a0 cmd.exe 2504 1828 1 33 0 0 2013-10-17 22:44:26
	0x82101318 xchat.exe 3348 1828 3 92 0 0 2013-10-17 22:45:34
	0x822bf4d8 decryptpastebin 3292 2504 1 90 0 0 2013-10-17 23:18:43