VADTREE Information Table - Mem_Evidence.raw
| PID | Process Name | vadtree | Binary Size | VirusTotal | Hash - MD5 | Hash - SHA-256 | PPID | Parent Process Name | Start | Exit | Path | Command Line |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4 | System | vadtree | - | | | | 0 | | 2019-06-29 07:28:07 | | | |
| 220 | svchost.exe | vadtree | 27.14 KBs | Link | 452c8dc84ab99bc97e7ec95536c32c90 | 7a8a0a8e1241741822a9fff6a945bf4b0c1155c4541abc06c3b74dcf92ee933d | 472 | services.exe | 2019-06-29 07:28:27 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService |
| 256 | smss.exe | vadtree | 112.64 KBs | Link | 974b79e60f5dc8f60d768e7787d495fe | 247bc06223f79604d64d48869f06c6f66253aced4a01f664f6fc241f8566e2f1 | 4 | System | 2019-06-29 07:28:07 | | C:\Windows\System32\smss.exe | \SystemRoot\System32\smss.exe |
| 328 | csrss.exe | vadtree | 7.68 KBs | Link | 3ca03b03c5c56d77747f1f230f27406a | 61dab8eb1e989b0e608eea913cd964ce3dbd7d062a508cdb8dfa1ad8ce4529bb | 320 | | 2019-06-29 07:28:14 | | C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 |
| 376 | csrss.exe | vadtree | 7.68 KBs | Link | a4d0103c689861ed0b2812c3ed12ad0a | 30483a8fc4d9cda60c55f78f0ea4d8473b944c637545385e82e26cd017035465 | 368 | | 2019-06-29 07:28:15 | | C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 |
| 384 | wininit.exe | vadtree | 129.02 KBs | Link | a44f827a692b88723d1b9b91437f180a | 850c42500a2b280cd645bd772a9c3a875596049d3cfbdb5890fc6799103f82e8 | 320 | | 2019-06-29 07:28:15 | | C:\Windows\system32\wininit.exe | wininit.exe |
| 412 | winlogon.exe | vadtree | 390.66 KBs | Link | 2a66ec5ebe16de4422f8dc74db976b6b | 94bc97d4816e70d6a07ff471d709fb0fa5233502fbc05c96d45dfbf2ece599e8 | 368 | | 2019-06-29 07:28:15 | | C:\Windows\system32\winlogon.exe | winlogon.exe |
| 472 | services.exe | vadtree | 328.7 KBs | Link | f1e102f0f04b317e59d2974a5bf7a9de | ee856321824703845576f914785c234a50c107857376ae115ceefd10b9b95340 | 384 | wininit.exe | 2019-06-29 07:28:17 | | C:\Windows\system32\services.exe | C:\Windows\system32\services.exe |
| 480 | lsass.exe | vadtree | 31.23 KBs | Link | 10c268be35213ad219e8c8a0065814aa | f2619871a1c7589aef6dd5b32c6a5bc2d790f042b9c9bf4236759ec50cd5018f | 384 | wininit.exe | 2019-06-29 07:28:17 | | C:\Windows\system32\lsass.exe | C:\Windows\system32\lsass.exe |
| 484 | svchost.exe | vadtree | 27.14 KBs | Link | 278490b73682122d972fbf8f6da49e21 | edab35d10b45bbbaa424f4e14c29ee8b23a4bb6c9fd6ea56da807ffd1941b4ca | 472 | services.exe | 2019-06-29 07:28:29 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k NetworkService |
| 488 | lsm.exe | vadtree | 343.04 KBs | Link | ba09e3007407cdced080ca3d2faf29d2 | 5e996700c914696ba070c54831dfe414bfd1749b45a5ff0eff54e8380962dc75 | 384 | wininit.exe | 2019-06-29 07:28:17 | | C:\Windows\system32\lsm.exe | C:\Windows\system32\lsm.exe |
| 580 | svchost.exe | vadtree | 27.14 KBs | Link | 27ca698b25260086844a5736156551f9 | f5e903b96947f7f2e1665f362326874f40b393a4cbcdddfc349f47184555f858 | 472 | services.exe | 2019-06-29 07:28:21 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k DcomLaunch |
| 640 | VBoxService.ex | vadtree | 2.68 MBs | Link | b7cd4b2e4d8f8c3f51104d8f4cbb2a07 | a6894ee37d22f5efef8d1933ef1e084863fe41625ce28f2980258ca7990d9a4f | 472 | services.exe | 2019-06-29 07:28:21 | | | C:\Windows\System32\VBoxService.exe |
| 708 | svchost.exe | vadtree | 27.14 KBs | Link | 81c8ec70ef208d4edfada3c4c0b0809f | 119372b9d3791259b957eeb84439dc658eef94a9a65d1c62478b261254211cfd | 472 | services.exe | 2019-06-29 07:28:22 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k RPCSS |
| 804 | svchost.exe | vadtree | 27.14 KBs | Link | 6797fa84fb68f866165dcee5ec7bac6f | 3c3566775d16165dd9d379d01756fb4f55de45e00fc8cd603a3fea29906ca531 | 472 | services.exe | 2019-06-29 07:28:23 | | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted |
| 840 | svchost.exe | vadtree | 27.14 KBs | Link | 6879435656cbdb59e8b66ae7a5e0cc4b | c412950e4069d26e9a903009f56eb3f422fce6bfadf7feb359242864ddc70fb0 | 472 | services.exe | 2019-06-29 07:28:24 | | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted |
| 864 | svchost.exe | vadtree | 27.14 KBs | Link | 9ee45b79450f75afdc0cf1203eff2e12 | 15655ba473b9feb208010b78d3e755ca63f85509f3119021d1ed6577b40a2f4d | 472 | services.exe | 2019-06-29 07:28:24 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs |
| 952 | audiodg.exe | vadtree | 126.46 KBs | Link | 83be5c14b4ef1237cd106a68bd94a293 | 2c750e5e1ad1e8df7605225f6fa50c8794e25ded5dbb613a98d58010cdf63534 | 804 | svchost.exe | 2019-06-29 07:28:26 | | C:\Windows\system32\AUDIODG.EXE | C:\Windows\system32\AUDIODG.EXE 0x2ac |
| 1068 | SearchIndexer. | vadtree | 593.41 KBs | Link | 90c4e954c6feda0840359133aa11225a | 55bc6de79d9b28db8afe988ce8dd9f67cb9eff50031bb48ad296041d4dbd81f7 | 472 | services.exe | 2019-06-29 07:28:58 | | | C:\Windows\system32\SearchIndexer.exe /Embedding |
| 1132 | spoolsv.exe | vadtree | 559.1 KBs | Link | 7ea7450aaea21465fc5c07b6bbb7ffec | 2d58d9f15f864963bcb3a31a4f7fdbe91c87d7fcacc22d3a401a38942d1c23ff | 472 | services.exe | 2019-06-29 07:28:32 | | C:\Windows\System32\spoolsv.exe | C:\Windows\System32\spoolsv.exe |
| 1176 | svchost.exe | vadtree | 27.14 KBs | Link | abe3cfdf2a66af1b58288fadc9148417 | c33ec892403fcc1e546e76d413bbb141a12a339aa86a5d3693e8523f95e63fab | 472 | services.exe | 2019-06-29 07:28:33 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork |
| 1276 | svchost.exe | vadtree | 27.14 KBs | Link | 32667e93828115e23b7d14d2f43416b2 | 594e2a3f088184207e29a70824a43686e4b888077efa91f387ffaca9a059d3c1 | 472 | services.exe | 2019-06-29 07:28:34 | | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation |
| 1592 | VBoxTray.exe | vadtree | 2.6 MBs | Link | 27acf2873929704b2277d91b59a3fc4b | 5f4e9c2e745dca97e7a8552e7ffcc3fc0814c1d267a9f5f72cb4480f0f0ae617 | 1944 | explorer.exe | 2019-06-29 07:28:53 | | C:\Windows\System32\VBoxTray.exe | "C:\Windows\System32\VBoxTray.exe" |
| 1688 | SearchFilterHo | vadtree | 113.66 KBs | Link | 11f3a2c8e3eac74dbe512ce4a2abf36f | afcf25bc0167c34cfea7fac0f95d0c80008d8758529a506f32b9a1d453f968ba | 1068 | SearchIndexer. | 2019-06-29 07:29:02 | | | "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 |
| 1696 | SearchProtocol | vadtree | 249.86 KBs | Link | d8713932ee69e0d12ee85bd261909e5b | 5b809dd63adddc27761c8de2bb2501a572f6d1a3e9cdb06e876f1ad3f2986081 | 1068 | SearchIndexer. | 2019-06-29 07:29:02 | | | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-410795266-795571449-2132107757-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-410795266-795571449-2132107757-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" |
| 1804 | taskhost.exe | vadtree | 69.12 KBs | Link | 87ea6c6d352d8681fb38fb6d960cb0f9 | 43c831e5d0722f6103d82d882c9779a0e0fd30fce60b67ef014045a6e95e7115 | 472 | services.exe | 2019-06-29 07:28:42 | | C:\Windows\system32\taskhost.exe | "taskhost.exe" |
| 1824 | taskeng.exe | vadtree | 464.38 KBs | Link | 46f8e8eb81330b1c78ec2ad4c0560641 | 613c8c96a8c9edc9089e121729a93fc40dcf5f87924bb8a7e845f49848b43590 | 864 | svchost.exe | 2019-06-29 07:28:42 | | C:\Windows\system32\taskeng.exe | taskeng.exe {243F5DED-C140-47D9-B005-B07948B2A976} |
| 1908 | dwm.exe | vadtree | 120.32 KBs | Link | bfd22e209591d376ab1522b3eab44ad2 | a55d862f37180e05906fd95dd0549b59ffd4dd7b02df0406ac2cd64305b3c038 | 840 | svchost.exe | 2019-06-29 07:28:43 | | C:\Windows\system32\Dwm.exe | "C:\Windows\system32\Dwm.exe" |
| 1944 | explorer.exe | vadtree | 2.87 MBs | Link | 9fb39549a106508d7e7b4195d36f2bcb | d5e2c9fe6bcc39377716935fc83e47c00a19135b89289d22e74e4bb1fae5d83f | 1872 | | 2019-06-29 07:28:44 | | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
| 2076 | dllhost.exe | vadtree | 9.73 KBs | Link | d604d8ad64f2da6ea81309f6efbe985f | 3c0d31828995a33b5938e237fb47f19b608863fab116484512ff7365d41c4bf3 | 580 | svchost.exe | 2019-06-29 07:29:02 | | C:\Windows\system32\DllHost.exe | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} |
| 2272 | GoogleCrashHan | vadtree | 280.06 KBs | Link | 3eb9a03034122d0e14c2cfe6db54f415 | 2f7939c8f0ae40a347e3973fda15f6b621c283b02e09aec2af48676f570f66f2 | 2008 | | 2019-06-29 07:29:08 | | | "C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe" |
| 2284 | GoogleCrashHan | vadtree | 358.91 KBs | Link | 095583ff70f44c5e162a646771897de0 | ab5dbd7f80292def3cb40c606cc5f603e8035b29a30f4a99da40f58f72096a1f | 2008 | | 2019-06-29 07:29:08 | | | "C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe" |
| 2384 | VBoxTray.exe | vadtree | 2.6 MBs | Link | d5c2fe85217f1713c91a3272b4bd690d | 657fd3626dee5c1c2cda0ab735051fd0d4586a50c2d4bee07583522f75a85452 | 3012 | explorer.exe | 2019-06-29 07:29:37 | | C:\Windows\System32\VBoxTray.exe | "C:\Windows\System32\VBoxTray.exe" |
| 2432 | StikyNot.exe | vadtree | 427.52 KBs | Link | d53bd0444fdee11d70a4e29c80170034 | 3d82b7bf5f81b13f4ec6ab40db88311b39394621a4f4848dd7d744d56cb1189c | 3012 | explorer.exe | 2019-06-29 07:29:37 | | C:\Windows\System32\StikyNot.exe | "C:\Windows\System32\StikyNot.exe" |
| 2624 | DumpIt.exe | vadtree | 199.68 KBs | Link | f86c86c03d6b7868eb3472fca2dfc2ed | 1fa0255cffb74a7264e2dc1c7e5563d5d1df76d6797221da46df212f3af128f | 1944 | explorer.exe | 2019-06-29 07:29:25 | | C:\Users\eminem\Desktop\DumpIt\DumpIt.exe | "C:\Users\eminem\Desktop\DumpIt\DumpIt.exe" |
| 2636 | conhost.exe | vadtree | 337.92 KBs | Link | 20fc4f73fc176a3ff27367497e886ed8 | 37192a81911d5e8a5ff1d6190d09fcc0359fe77777cfb94cae9c794826d1072d | 376 | csrss.exe | 2019-06-29 07:29:25 | | C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe |
| 2700 | csrss.exe | vadtree | 7.68 KBs | Link | b166fde463ff4ad1f8ebc07b43722da1 | 41eb2b3cdc97b0f909e3779240ae8573accedeea7f05d7d0418d0a49ccfb3ac4 | 2692 | | 2019-06-29 07:29:30 | | C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 |
| 2728 | winlogon.exe | vadtree | 390.66 KBs | Link | ff46e8a8c7892b9de79ed10aa5fb288e | 77d3edc98929d2d62d82b756356d4039d56ddf0e9b5aa0cc2777fd43c96aa1b7 | 2692 | | 2019-06-29 07:29:30 | | C:\Windows\system32\winlogon.exe | winlogon.exe |
| 2976 | taskhost.exe | vadtree | 69.12 KBs | Link | 97e6d3ebbdee335ac3f661e1fa3c03f0 | b5657e0d745de87df5a890edeceeabae68bdb9ff3b61a3d287b03211e48e5c84 | 472 | services.exe | 2019-06-29 07:29:36 | | C:\Windows\system32\taskhost.exe | "taskhost.exe" |
| 3000 | dwm.exe | vadtree | 120.32 KBs | Link | 08fa73582cb0a3eafa6c372e3b89e7c4 | c3243d4c38c5d2ba939fba6f819a748cf07e992091abf615f27f4be652dd1261 | 840 | svchost.exe | 2019-06-29 07:29:36 | | C:\Windows\system32\Dwm.exe | "C:\Windows\system32\Dwm.exe" |
| 3012 | explorer.exe | vadtree | 2.87 MBs | Link | a5c33cfa3a86de643b3b90bceef60901 | 52658c3649b14047613fb6cb92ec33c03ff0a75b802f9f80d6834a8ea87d2c44 | 2992 | | 2019-06-29 07:29:36 | | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
Xavier Memory Analysis Framework vrs2.114 by Solomon Sonya @Carpenter1010 - 2022-01-17-17:31.19