Hi list,
I believe that one of my lab VMs is owned by a sophisticated rootkit.
There are many signs of that:
Live analysis was a dead end. Needless to say that common live analysis tools and AV found nothing.
So I have been focussed for days on analyzing the RAM with Volatility. And I found absolutely nothing.
I am just afraid that now it is beyond my skills at this moment.
If some of you are curious, do not hesitate to have a look. Of course, I would love to learn more and get some tips and feedback.
I can provide more volatility output if necessary, or even the dump.
Thank you!