VolGetProcWithMalNetConn

Gets the list of processes that have connections to IP addresses with a bad reputation.

Script Data


NameDescription
Script Typejavascript
Tagsmemory, forensics, volatility, server

Inputs


Argument NameDescription
memdumpThe path to memory dump the file on the system being used.
systemThe system with Volatility installed to be used for the analysis.
profileThe Volatility profile to use.
repthresholdThe reputation threshold. Any IP addresses up to and including this score are considered malicious.
repscriptThe reputation script to use to check IP addresses.

Outputs


There are no outputs for this script.