Drop Volatility threads, dlllist or vadinfo output · thread start addresses outside known modules · APC and CreateRemoteThread artifacts · runs locally