The handles plugin allows analysts to view what types of handles are open in an existing process. This covers a wide variety of information, including registry keys and files associated with that process. To identify the open handles for PID 868, which was previously identified, the following command is used:

forensics@ubuntu:~/Documents$ volatility -f stuxnet.vmem --profile=WinXPSP2x86 -p 868 handles 

The preceding command produces the output found in the following screenshot. As the output indicates, the suspect process has several open handles, including processes, threads, and a registry key.
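The following Python script is an added example, not part of the original text: it parses saved handles output and groups the named handles of one PID by object type, so that process, thread, and registry key handles like those described above stand out. The sample rows are constructed in the Volatility 2 column layout and are not taken from stuxnet.vmem; `parse_handles`, `triage`, and `INTERESTING` are hypothetical names.

```python
from collections import defaultdict

# Constructed sample in the column layout of Volatility 2 "handles" output.
# Values are illustrative only and are not taken from stuxnet.vmem.
SAMPLE = r"""
Offset(V)     Pid     Handle     Access Type             Details
---------- ------ ---------- ---------- ---------------- -------
0xe1000001    868        0x4    0xf0003 KeyedEvent       CritSecOutOfMemoryEvent
0x81000002    868        0xc   0x100020 File             \Device\HarddiskVolume1\WINDOWS\system32
0xe1000003    868       0x10    0xf003f Key              MACHINE\SYSTEM\CONTROLSET001\SERVICES\EXAMPLE
0x81000004    868       0x14   0x1f0fff Process          example.exe(1234)
0x81000005    868       0x18   0x1f03ff Thread           TID 1240 PID 1234
0x81000006    868       0x1c   0x1f0003 Event
0x81000007    868       0x20   0x1f0001 Mutant           ExampleMutex With Space
"""

# Object types that usually carry the most triage value (an assumption;
# adjust to the case at hand).
INTERESTING = ("Process", "Thread", "Key", "File", "Mutant")


def parse_handles(text):
    """Turn saved handles output into a list of dicts, one per handle."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)  # Details may contain spaces or be absent
        if len(parts) < 5 or not parts[0].startswith("0x"):
            continue  # header, ruler, blank line or other noise
        try:
            pid, handle, access = int(parts[1]), int(parts[2], 16), int(parts[3], 16)
        except ValueError:
            continue  # malformed row
        details = parts[5].strip() if len(parts) > 5 else ""
        rows.append({"offset": parts[0], "pid": pid, "handle": handle,
                     "access": access, "type": parts[4], "details": details})
    return rows


def triage(rows, pid, types=INTERESTING):
    """Group the named handles of one process by object type."""
    grouped = defaultdict(list)
    for row in rows:
        if row["pid"] == pid and row["type"] in types and row["details"]:
            grouped[row["type"]].append(row["details"])
    return dict(grouped)


if __name__ == "__main__":
    for obj_type, names in sorted(triage(parse_handles(SAMPLE), 868).items()):
        print(f"{obj_type:8} {len(names):3}  " + "; ".join(names))
```

To use it on real data, redirect the output of the handles command to a text file and pass the file contents to `parse_handles`.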

