From f326c85522beac3be0855f46752b4be180857c55 Mon Sep 17 00:00:00 2001
From: Jan Vales <jan@jvales.net>
Date: Fri, 6 Jun 2014 23:21:31 +0200
Subject: [PATCH] nicer formatting

---
 report3/content.tex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/report3/content.tex b/report3/content.tex
index f5fdb55..b470266 100644
--- a/report3/content.tex
+++ b/report3/content.tex
@@ -85,7 +85,9 @@ Offset(P)       PID   Port  Proto Protocol        Address         Create Time
 \subsection{Can you find traces of Malware?}
 emph{\textbf{rundll32.exe}} could hint that the system has been compromised.\\
 
-Extracting screenshots with \ttfamily{volatility -f image1.vmem --profile=WinXPSP2x86 screenshot --dump-dir screenshots} brings an image named \emph{\textbf{IMAGE1:/screenshots/session\_0.WinSta0.Default.png}} containing an outline with a Message where DEP is closing Acrobat with an open file named \emph{\textbf{navy procurement.pdf}}.\\
+Extracting screenshots with:\\
+\ttfamily{volatility -f image1.vmem --profile=WinXPSP2x86 screenshot --dump-dir screenshots}\\
+brings an image named \emph{\textbf{IMAGE1:/screenshots/session\_0.WinSta0.Default.png}} extracts an image containing an outline with a Message where DEP is closing Acrobat with an open file named \emph{\textbf{navy procurement.pdf}}.\\
 This could hint at a compromised PDF.\\
 
 The TCP-LISTEN on port 1031 seems to be used by malware as described by \url{http://de.adminsub.net/tcp-udp-port-finder/1031} or \url{http://www.auditmypc.com/tcp-port-1031.asp}.\\
-- 
2.43.0