After viewing the list of running processes, we run the psscan command by typing:

volatility --profile=WinXPSP3x86 -f cridex.vmem psscan

The psscan command displays inactive and even hidden processes that can be used by malware, such as rootkits, and are well known for doing just that to evade discovery by users and antivirus programs.

The output of both the pslist and psscan commands should be compared to observe any anomalies: