drop volatility malfind or cmdline or pstree output · detect process hollowing indicators · vad vs image mismatches · dkom hidden processes · runs locally
volatility output
drop malfind · pslist · psscan · cmdline · vadinfo