lpus/logs/dump_test/1/eprocess_volscan.txt

78 lines
9.8 KiB
Plaintext
Raw Normal View History

2020-06-05 19:37:13 +07:00
Volatility Foundation Volatility Framework 2.6.1
Offset(P) Name PID PPID PDB Time created Time exited
------------------ ---------------- ------ ------ ------------------ ------------------------------ ------------------------------
0x0000948957c67080 VBoxService.ex 1604 596 0x00000000205e9002 2020-06-04 20:20:35 UTC+0000
0x0000948957c6c080 svchost.exe 6904 596 0x0000000009506002 2020-06-04 06:25:45 UTC+0000 2020-06-04 06:27:55 UTC+0000
0x0000948957caa080 svchost.exe 6448 596 0x000000006a7bc002 2020-06-04 06:21:12 UTC+0000
0x0000948957ce3080 svchost.exe 1508 596 0x000000001ff45002 2020-06-04 20:20:35 UTC+0000
0x0000948957d1b080 svchost.exe 1444 596 0x000000001e3b9002 2020-06-04 20:20:35 UTC+0000
0x0000948957ddf040 Registry 68 4 0x0000000000341002 2020-06-04 20:20:13 UTC+0000
0x000094895ac79400 smss.exe 324 4 0x0000000101742002 2020-06-04 20:20:19 UTC+0000
0x000094895ad15080 powershell.exe 408 1060 0x00000000b5241002 2020-06-04 07:19:20 UTC+0000 2020-06-04 07:20:22 UTC+0000
0x000094895b0452c0 csrss.exe 416 408 0x0000000002e84002 2020-06-04 20:20:33 UTC+0000
0x000094895ba28080 MicrosoftEdgeC 1436 772 0x000000011866b002 2020-06-04 07:16:47 UTC+0000
0x000094895bb25080 MicrosoftEdgeC 2776 772 0x00000000d2641002 2020-06-04 07:16:57 UTC+0000
0x000094895bdb0080 winlogon.exe 544 480 0x0000000001add002 2020-06-04 20:20:33 UTC+0000
0x000094895bdf51c0 services.exe 596 488 0x0000000016c16002 2020-06-04 20:20:33 UTC+0000
0x000094895ca5f280 fontdrvhost.ex 680 544 0x0000000019366002 2020-06-04 20:20:33 UTC+0000
0x000094895ca6a280 fontdrvhost.ex 688 488 0x0000000015d1b002 2020-06-04 20:20:33 UTC+0000
0x000094895ca70380 svchost.exe 708 596 0x0000000017338002 2020-06-04 20:20:33 UTC+0000
0x000094895caf6400 svchost.exe 824 596 0x0000000019ad0002 2020-06-04 20:20:34 UTC+0000
0x000094895cb3a380 svchost.exe 876 596 0x000000001a2b4002 2020-06-04 20:20:34 UTC+0000
0x000094895cbd8400 svchost.exe 384 596 0x000000001950d002 2020-06-04 20:20:34 UTC+0000
0x000094895cc15440 svchost.exe 420 596 0x000000001c315002 2020-06-04 20:20:34 UTC+0000
0x000094895cc223c0 svchost.exe 592 596 0x000000001c549002 2020-06-04 20:20:34 UTC+0000
0x000094895cc5b380 svchost.exe 1064 596 0x000000001d1a4002 2020-06-04 20:20:34 UTC+0000
0x000094895ccae400 svchost.exe 1148 596 0x000000001ddbf002 2020-06-04 20:20:34 UTC+0000
0x000094895cdac400 svchost.exe 1372 596 0x000000001ca24002 2020-06-04 20:20:35 UTC+0000
0x000094895cdae400 svchost.exe 1452 596 0x00000000206dd002 2020-06-04 20:20:35 UTC+0000
0x000094895ce19400 svchost.exe 1632 596 0x0000000023c4f002 2020-06-04 20:20:35 UTC+0000
0x000094895ce1b080 svchost.exe 1640 596 0x0000000022b39002 2020-06-04 20:20:35 UTC+0000
0x000094895ce98400 svchost.exe 1772 596 0x0000000020e71002 2020-06-04 06:20:37 UTC+0000
0x000094895cea7080 MemCompression 1812 4 0x00000000236f8002 2020-06-04 06:20:37 UTC+0000
0x000094895ceb5380 svchost.exe 1868 596 0x0000000025c34002 2020-06-04 06:20:37 UTC+0000
0x000094895cf2e3c0 svchost.exe 1936 596 0x0000000024179002 2020-06-04 06:20:37 UTC+0000
0x000094895cf90400 svchost.exe 1660 596 0x0000000022790002 2020-06-04 06:20:37 UTC+0000
0x000094895cf98400 svchost.exe 1352 596 0x0000000025171002 2020-06-04 06:20:37 UTC+0000
0x000094895e017440 svchost.exe 2088 596 0x0000000021120002 2020-06-04 06:20:38 UTC+0000
0x000094895e02b380 svchost.exe 2128 596 0x0000000027d28002 2020-06-04 06:20:38 UTC+0000
0x000094895e077400 svchost.exe 2160 596 0x0000000025ec9002 2020-06-04 06:20:38 UTC+0000
0x000094895e0ce400 svchost.exe 2208 596 0x00000000260c0002 2020-06-04 06:20:38 UTC+0000
0x000094895e0d8400 svchost.exe 2232 596 0x000000002652a002 2020-06-04 06:20:38 UTC+0000
0x000094895e169380 svchost.exe 2928 596 0x000000002e054002 2020-06-04 06:20:39 UTC+0000
0x000094895e171080 svchost.exe 2684 596 0x000000002ad7c002 2020-06-04 06:20:39 UTC+0000
0x000094895e391080 SearchProtocol 1648 5160 0x000000009b248002 2020-06-04 07:26:11 UTC+0000
0x000094895e54e4c0 NisSrv.exe 2016 596 0x00000000b4eff002 2020-06-04 06:28:41 UTC+0000
0x000094895e929480 smartscreen.ex 3256 772 0x00000000c11d6002 2020-06-04 07:16:27 UTC+0000
0x000094895e9412c0 Windows.WARP.J 5712 5580 0x00000000c0f76002 2020-06-04 07:16:26 UTC+0000
0x000094895e9512c0 MsMpEng.exe 4676 596 0x0000000044f09002 2020-06-04 06:28:33 UTC+0000
0x000094895e970080 SearchUI.exe 4692 772 0x0000000057496002 2020-06-04 06:21:01 UTC+0000
0x000094895eaaf440 sihost.exe 432 1292 0x0000000043c29002 2020-06-04 06:20:50 UTC+0000
0x000094895eaee480 svchost.exe 1588 596 0x0000000043ecd002 2020-06-04 06:20:50 UTC+0000
0x000094895eaf54c0 svchost.exe 3152 596 0x0000000045d46002 2020-06-04 06:20:50 UTC+0000
0x000094895eaf84c0 svchost.exe 3672 596 0x00000000465a3002 2020-06-04 06:20:50 UTC+0000
0x000094895eb5b4c0 taskhostw.exe 4124 1064 0x0000000046bc4002 2020-06-04 06:20:50 UTC+0000
0x000094895ebbd3c0 svchost.exe 4232 596 0x000000004306e002 2020-06-04 06:20:50 UTC+0000
0x000094895ebc2440 ctfmon.exe 4300 4232 0x0000000041c8c002 2020-06-04 06:20:50 UTC+0000
0x000094895ec5e080 userinit.exe 4400 544 0x0000000046ed7002 2020-06-04 06:20:51 UTC+0000 2020-06-04 06:21:20 UTC+0000
0x000094895eccc4c0 Code.exe 6968 3736 0x00000000bb0c4002 2020-06-04 07:19:16 UTC+0000
0x000094895ece5080 dllhost.exe 4648 772 0x00000000502b5002 2020-06-04 06:20:53 UTC+0000
0x000094895edf6080 StartMenuExper 4972 772 0x0000000053638002 2020-06-04 06:21:00 UTC+0000
0x000094895ef1b480 RuntimeBroker. 5092 772 0x0000000056e70002 2020-06-04 06:21:00 UTC+0000
0x000094895f2074c0 ApplicationFra 5336 772 0x000000005c223002 2020-06-04 06:21:04 UTC+0000
0x000094895f2dd080 SkypeApp.exe 5412 772 0x000000005fea5002 2020-06-04 06:21:05 UTC+0000
0x000094895f3be480 browser_broker 5544 772 0x0000000060a28002 2020-06-04 06:21:05 UTC+0000
0x000094895f3c5080 YourPhone.exe 5588 772 0x000000006315e002 2020-06-04 06:21:05 UTC+0000
0x000094895f3ce400 svchost.exe 5580 596 0x0000000063376002 2020-06-04 06:21:05 UTC+0000
0x000094895f449080 WinStore.App.e 5952 772 0x00000001142d1002 2020-06-04 06:22:36 UTC+0000
0x000094895f44b480 RuntimeBroker. 5860 772 0x0000000061748002 2020-06-04 06:21:06 UTC+0000
0x000094895f4e9240 MicrosoftEdgeC 6048 772 0x0000000063ba6002 2020-06-04 06:21:07 UTC+0000
0x000094895f571480 RuntimeBroker. 6908 772 0x000000006dcb1002 2020-06-04 06:21:16 UTC+0000
0x000094895f7ca380 SecurityHealth 2248 596 0x000000006f4ba002 2020-06-04 06:21:21 UTC+0000
0x000094895ffce080 MicrosoftEdgeC 3288 772 0x00000000bd993002 2020-06-04 07:16:41 UTC+0000 2020-06-04 07:19:52 UTC+0000
0x000094895fff2480 conhost.exe 5696 1892 0x0000000058bc3002 2020-06-04 07:19:49 UTC+0000
0x00009489600c50c0 Code.exe 1060 3736 0x000000003859d002 2020-06-04 07:19:17 UTC+0000
0x00009489602ec080 dllhost.exe 4156 772 0x000000009589c002 2020-06-04 07:16:29 UTC+0000
0x00009489603ca080 Windows.WARP.J 7068 5580 0x00000000bb4da002 2020-06-04 07:16:48 UTC+0000
0x0000948960acc080 svchost.exe 3204 596 0x00000000c4173002 2020-06-04 07:19:47 UTC+0000