YUKI.N>volatility_2.6_win64_standalone.exe imageinfo -f D:\...\mememachinememory.vmem
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86)
                     AS Layer1 : IA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (D:\...\mememachinememory.vmem)
                      PAE type : PAE
                           DTB : 0x334000L
                          KDBG : 0x80545ae0L
          Number of Processors : 1
     Image Type (Service Pack) : 3
                KPCR for CPU 0 : 0xffdff000L
             KUSER_SHARED_DATA : 0xffdf0000L
           Image date and time : 2021-02-24 19:53:21 UTC+0000
     Image local date and time : 2021-02-24 14:53:21 -0500

YUKI.N>volatility_2.6_win64_standalone.exe -f D:\...\mememachinememory.vmem hivelist --profile=WinXPSP2x86
Volatility Foundation Volatility Framework 2.6
Virtual    Physical   Name
---------- ---------- ----
0xe1b974e0 0x089ff4e0 \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1b8fb60 0x0892eb60 \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT
0xe1b68b60 0x08379b60 \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1b5e008 0x082a2008 \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT
0xe1625950 0x049d1950 \Device\HarddiskVolume1\WINDOWS\system32\config\software
0xe15e40f0 0x03f990f0 \Device\HarddiskVolume1\WINDOWS\system32\config\default
0xe161fb60 0x049a5b60 \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0xe15e8b60 0x04044b60 \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
0xe13e5530 0x024ad530 [no name]
0xe1018370 0x020dd370 \Device\HarddiskVolume1\WINDOWS\system32\config\system
0xe1008b60 0x020a1b60 [no name]
0xe2031008 0x00711008 \Device\HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1ab1690 0x06b5f690 \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT

YUKI.N>volatility_2.6_win64_standalone.exe -f D:\...\mememachinememory.vmem hashdump -y 0xe1018370 -s 0xe161fb60 > D:\...\hashes.txt
Volatility Foundation Volatility Framework 2.6

YUKI.N>