From 8ff24cef71a1dcd412b621502911799b6f9e5171 Mon Sep 17 00:00:00 2001
From: BlueTeamOps <1480956+blueteam0ps@users.noreply.github.com>
Date: Sun, 21 Aug 2022 22:54:11 +1000
Subject: [PATCH] Added ldrmodules to the plugins list

Added ldrmodules to the plugins list as it contains valuable info to identify rootkits
---
 winSuperMem.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/winSuperMem.py b/winSuperMem.py
index 4a97f20..9473172 100644
--- a/winSuperMem.py
+++ b/winSuperMem.py
@@ -64,7 +64,8 @@
 {"plugin": "windows.pslist.PsList", "params": ""},
 {"plugin": "windows.registry.hivelist.HiveList", "params": ""},
 {"plugin": "windows.ssdt.SSDT", "params": ""},
- {"plugin": "windows.registry.hivescan.HiveScan", "params": ""}]
+ {"plugin": "windows.registry.hivescan.HiveScan", "params": ""}],
+ {"plugin": "windows.ldrmodules.LdrModules", "params": ""}]

 # Volatility3 Plugins for Full Triage
 FULLTRIAGEPLUGINS = [{"plugin": "windows.modscan.ModScan", "params": ""},
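Review bot: The rewritten HiveScan line still carries the list's closing bracket (`"params": ""}],`), so the list is closed before the new LdrModules entry and the `]` at the end of the added line has no matching opener. As written the module should fail to import with a SyntaxError, which would stop every triage run rather than only the new plugin. The HiveScan line should end with a comma alone, `{"plugin": "windows.registry.hivescan.HiveScan", "params": ""},`, leaving the single `]` after the LdrModules entry. The list's opening line is outside the hunk, so which plugin set this entry joins cannot be confirmed from here; a quick `python -m py_compile winSuperMem.py` before merging would catch this class of slip.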