We just published a blog post on creating new Volatility 3 plugins to detect hidden services on Windows: https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrat… The post covers background on how malware abuses services, how services are tracked on a live system, and how we developed our new plugins. Feedback and comments encouraged! — The Volatility Team