Volatility 3 Framework 2.5.0 C:\Users\Roose\Downloads\VolatilityWorkbench\vol.exe : At line:1 char:1 + C:\Users\Roose\Downloads\VolatilityWorkbench\vol.exe -f mem.dmp windo ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Progress: 0.00 Updating caches for 60 files... Progress: 1.67 Updating caches for 60 files... Progress: 3.33 Updating caches for 60 files... Progress: 5.00 Updating caches for 60 files... Progress: 6.67 Updating caches for 60 files... Progress: 8.33 Updating caches for 60 files... Progress: 10.00 Updating caches for 60 files... Progress: 11.67 Updating caches for 60 files... Progress: 13.33 Updating caches for 60 files... Progress: 15.00 Updating caches for 60 files... Progress: 16.67 Updating caches for 60 files... Progress: 18.33 Updating caches for 60 files... Progress: 20.00 Updating caches for 60 files... Progress: 21.67 Updating caches for 60 files... Progress: 23.33 Updating caches for 60 files... Progress: 25.00 Updating caches for 60 files... Progress: 26.67 Updating caches for 60 files... Progress: 28.33 Updating caches for 60 files... Progress: 30.00 Updating caches for 60 files... Progress: 31.67 Updating caches for 60 files... Progress: 33.33 Updating caches for 60 files... Progress: 35.00 Updating caches for 60 files... Progress: 36.67 Updating caches for 60 files... Progress: 38.33 Updating caches for 60 files... Progress: 40.00 Updating caches for 60 files... Progress: 41.67 Updating caches for 60 files... Progress: 43.33 Updating caches for 60 files... Progress: 45.00 Updating caches for 60 files... Progress: 46.67 Updating caches for 60 files... Progress: 48.33 Updating caches for 60 files... Progress: 50.00 Updating caches for 60 files... Progress: 51.67 Updating caches for 60 files... Progress: 53.33 Updating caches for 60 files... Progress: 55.00 Updating caches for 60 files... Progress: 56.67 Updating caches for 60 files... Progress: 58.33 Updating caches for 60 files... Progress: 60.00 Updating caches for 60 files... Progress: 61.67 Updating caches for 60 files... Progress: 63.33 Updating caches for 60 files... Progress: 65.00 Updating caches for 60 files... Progress: 66.67 Updating caches for 60 files... Progress: 68.33 Updating caches for 60 files... Progress: 70.00 Updating caches for 60 files... Progress: 71.67 Updating caches for 60 files... Progress: 73.33 Updating caches for 60 files... Progress: 75.00 Updating caches for 60 files... Progress: 76.67 Updating caches for 60 files... Progress: 78.33 Updating caches for 60 files... Progress: 80.00 Updating caches for 60 files... Progress: 81.67 Updating caches for 60 files... Progress: 83.33 Updating caches for 60 files... Progress: 85.00 Updating caches for 60 files... Progress: 86.67 Updating caches for 60 files... Progress: 88.33 Updating caches for 60 files... Progress: 90.00 Updating caches for 60 files... Progress: 91.67 Updating caches for 60 files... Progress: 93.33 Updating caches for 60 files... Progress: 95.00 Updating caches for 60 files... Progress: 96.67 Updating caches for 60 files... Progress: 98.33 Updating caches for 60 files... Progress: 0.00 Scanning Elf64Layer using PageMapScanner Progress: 0.00 Scanning Elf64Layer using PageMapScanner Progress: 23.33 Scanning Elf64Layer using PageMapScanner Progress: 0.00 Scanning Elf64Layer using PageMapScanner Progress: 0.00 Scanning Elf64Layer using PageMapScanner Progress: 0.00 Scanning Elf64Layer using PageMapScanner Progress: 100.00 Stacking attempts finished Progress: 0.00 Scanning memory_layer using BytesScanner Progress: 0.39 Scanning memory_layer using BytesScanner Progress: 0.78 Scanning memory_layer using BytesScanner Progress: 0.00 Scanning layer_name using PdbSignatureScanner Progress: 0.00 Scanning layer_name using PdbSignatureScanner Progress: 87.99 Scanning layer_name using PdbSignatureScanner PID Process Args 4 System Required memory at 0x10 is not valid (process exited?) 240 smss.exe \SystemRoot\System32\smss.exe 308 csrss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 344 wininit.exe wininit.exe 356 csrss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 396 winlogon.exe winlogon.exe 440 services.exe C:\Windows\system32\services.exe 448 lsass.exe C:\Windows\system32\lsass.exe 456 lsm.exe C:\Windows\system32\lsm.exe 560 svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch 624 VBoxService.ex system32\VBoxService.exe 676 svchost.exe C:\Windows\system32\svchost.exe -k RPCSS 728 svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted 844 svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted 884 svchost.exe C:\Windows\system32\svchost.exe -k netsvcs 996 svchost.exe C:\Windows\system32\svchost.exe -k LocalService 1096 svchost.exe C:\Windows\system32\svchost.exe -k NetworkService 1244 dwm.exe "C:\Windows\system32\Dwm.exe" 1256 explorer.exe C:\Windows\Explorer.EXE 1320 spoolsv.exe C:\Windows\System32\spoolsv.exe 1360 taskhost.exe "taskhost.exe" 1376 svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 1460 vmicsvc.exe C:\Windows\system32\vmicsvc.exe -feature Heartbeat 1480 vmicsvc.exe C:\Windows\system32\vmicsvc.exe -feature KvpExchange 1508 vmicsvc.exe C:\Windows\system32\vmicsvc.exe -feature Shutdown 1532 vmicsvc.exe C:\Windows\system32\vmicsvc.exe -feature TimeSync 1560 vmicsvc.exe C:\Windows\system32\vmicsvc.exe -feature VSS 1596 svchost.exe C:\Windows\System32\svchost.exe -k utcsvc 1680 cygrunsrv.exe "C:\Program Files\OpenSSH\bin\cygrunsrv.exe" 1768 wlms.exe C:\Windows\system32\wlms\wlms.exe 1956 VBoxTray.exe "C:\Windows\System32\VBoxTray.exe" 360 cygrunsrv.exe Required memory at 0x7ffdd010 is not valid (process exited?) 432 conhost.exe \??\C:\Windows\system32\conhost.exe "-634676368-15490989991543158334-176557927-7231009001657375370-1866536686-245420296 284 sshd.exe "C:\Program Files\OpenSSH\usr\sbin\sshd.exe" 1276 sppsvc.exe C:\Windows\system32\sppsvc.exe 2024 svchost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted 2148 SearchIndexer. C:\Windows\system32\SearchIndexer.exe /Embedding 2248 SearchFilterHo "C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512 2284 SearchProtocol "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 2388 csrss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 2416 winlogon.exe winlogon.exe 2608 taskhost.exe "taskhost.exe" 2664 dwm.exe "C:\Windows\system32\Dwm.exe" 2676 explorer.exe C:\Windows\Explorer.EXE 2884 VBoxTray.exe "C:\Windows\System32\VBoxTray.exe" 3216 iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 3884 WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe Progress: 100.00 PDB scanning finished