Volatility Profile Information
================================

System: Windows 10 Enterprise
Build: 19041
Architecture: x64
Kernel: 10.0.19041.1

Recommended Profile: Win10x64_19041

Volatility 2 Commands:
----------------------
volatility -f memory.raw --profile=Win10x64_19041 pslist
volatility -f memory.raw --profile=Win10x64_19041 pstree
volatility -f memory.raw --profile=Win10x64_19041 malfind
volatility -f memory.raw --profile=Win10x64_19041 dlllist
volatility -f memory.raw --profile=Win10x64_19041 netscan
volatility -f memory.raw --profile=Win10x64_19041 cmdline

Volatility 3 Commands:
----------------------
volatility -f memory.raw windows.pslist.PsList
volatility -f memory.raw windows.pstree.PsTree
volatility -f memory.raw windows.malfind.Malfind
volatility -f memory.raw windows.dlllist.DllList
volatility -f memory.raw windows.netscan.NetScan
volatility -f memory.raw windows.cmdline.CmdLine

Important PIDs to investigate:
- Look for abnormal parent-child relationships
- Check svchost.exe processes for injection
- Examine processes with RWX memory regions
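
Added example (not part of the original notes): a triage script for the parent-child check listed above, run over tab-separated process rows with the PID, PPID and ImageFileName columns that windows.pslist prints. The expected-parent table is an assumed Windows 10 baseline and the sample rows are constructed, not taken from memory.raw.

```python
# Added example. EXPECTED_PARENT is an assumed Windows 10 baseline; extend as needed.
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "smss.exe": {"system", "smss.exe"},
}

# Constructed sample rows, tab-separated with pslist-style column names.
SAMPLE = "\n".join([
    "PID\tPPID\tImageFileName",
    "4\t0\tSystem",
    "348\t4\tsmss.exe",
    "512\t420\twininit.exe",
    "640\t512\tservices.exe",
    "812\t640\tsvchost.exe",
    "3120\t2984\texplorer.exe",
    "4444\t3120\tsvchost.exe",
    "5012\t7777\tsvchost.exe",
])

def parse_rows(text):
    """Return (pid, ppid, name) tuples; lines before the column header are skipped."""
    rows, idx = [], None
    for line in text.splitlines():
        cols = line.strip().split("\t")
        if idx is None:
            if {"PID", "PPID", "ImageFileName"} <= set(cols):
                idx = [cols.index(c) for c in ("PID", "PPID", "ImageFileName")]
            continue
        if len(cols) > max(idx):
            rows.append((int(cols[idx[0]]), int(cols[idx[1]]), cols[idx[2]]))
    return rows

def find_anomalies(rows):
    """Flag baseline processes whose parent is unexpected or absent from the listing."""
    by_pid = {pid: name for pid, _, name in rows}
    findings = []
    for pid, ppid, name in rows:
        allowed = EXPECTED_PARENT.get(name.lower())
        if allowed is None:
            continue  # no baseline entry for this image name
        parent = by_pid.get(ppid)
        if parent is None:
            findings.append((pid, name, ppid, "parent-not-listed"))
        elif parent.lower() not in allowed:
            findings.append((pid, name, ppid, "unexpected-parent:" + parent))
    return findings
```

A "parent-not-listed" finding means the PPID has no matching row, which can be a parent that has exited or one hidden from the list; a flagged PID is a lead to follow with malfind and dlllist, not a verdict.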