VADTREE Information Table - MemoryDump_Lab5.raw
| PID | Process Name | vadtree | Binary Size | VirusTotal | Hash - MD5 | Hash - SHA-256 | PPID | Parent Process Name | Start | Exit | Path | Command Line |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4 | System | vadtree | - | 0 | 2019-12-20 03:41:40 | |||||||
| 248 | smss.exe | vadtree | 112.64 KBs | Link | 7c08d133cb2850e8555a5bb58ea53f24 | 1bf33bca2f12175633e5a897fe3783f16ebad22c069f4b0526a7ac576f5d1786 | 4 | System | 2019-12-20 03:41:40 | C:\Windows\System32\smss.exe | \SystemRoot\System32\smss.exe | |
| 320 | csrss.exe | vadtree | 7.68 KBs | Link | 064c2cb85f8ea0568e254548a2e6bfc3 | 9b6843e7d89c58e5bb2e0d8b50d57c36ba82d883fa1edce189f12572ca44889b | 312 | 2019-12-20 03:41:45 | C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | ||
| 340 | svchost.exe | vadtree | 27.14 KBs | Link | ac1172650c30fde661bd38b0279ecb23 | 55271841055e9e9457e8dc7d1c641e2f9d4dd3370a9046eb671cc73dbfb6088 | 484 | services.exe | 2019-12-20 03:42:03 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService | |
| 368 | csrss.exe | vadtree | 7.68 KBs | Link | fab95b224004d68cb0d0ae653468061a | f4ab3f8cc1881ef8fac978722282fcca94c00d2dc5d22ec0d8512a758100015e | 360 | 2019-12-20 03:41:47 | C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | ||
| 376 | psxss.exe | vadtree | 849.92 KBs | Link | 796ac44339c1787426e5539943c48fe6 | 9a59da7c97a957838921f0d98ace0b518d5dc713836d6a5bb309da7a24dd5f03 | 248 | smss.exe | 2019-12-20 03:41:47 | C:\Windows\system32\psxss.exe | %SystemRoot%\system32\psxss.exe | |
| 416 | winlogon.exe | vadtree | 390.66 KBs | Link | 22783244743f619b61f89f66cbe207a0 | a9bbcfbc9e2c5f6d944904bd9ae8c7bef583663de7dace03490102d6d2dffbc2 | 360 | 2019-12-20 03:41:48 | C:\Windows\system32\winlogon.exe | winlogon.exe | ||
| 428 | wininit.exe | vadtree | 129.02 KBs | Link | 4b7e251f488183543fcdd5736832bf17 | 7778a31e571c3094d0b7995020b597b8e75f80d7e82b8b401206847cd884aa3d | 312 | 2019-12-20 03:41:48 | C:\Windows\system32\wininit.exe | wininit.exe | ||
| 484 | services.exe | vadtree | 328.7 KBs | Link | 3084c90e7e32af60b0cad712de5d8438 | dc08f05f14207f50c0fffe86851e2d9ed823a8c26476646eedc926e8bdca3487 | 428 | wininit.exe | 2019-12-20 03:41:50 | C:\Windows\system32\services.exe | C:\Windows\system32\services.exe | |
| 492 | lsass.exe | vadtree | 31.23 KBs | Link | 5be533118df6190256357636f7bef79d | dd6a1426e38506b7a3acce1ffcf4fe9b7c48df553a2e26e63296c45eb506d619 | 428 | wininit.exe | 2019-12-20 03:41:50 | C:\Windows\system32\lsass.exe | C:\Windows\system32\lsass.exe | |
| 500 | lsm.exe | vadtree | 343.04 KBs | Link | c03f121fcbac9a42a9c846588ac24af4 | a7a195d53ad0c9f6fa84da94bdfa33da88a65ec18ffeeb49e7fe79a2e63f6df9 | 428 | wininit.exe | 2019-12-20 03:41:50 | C:\Windows\system32\lsm.exe | C:\Windows\system32\lsm.exe | |
| 528 | VBoxTray.exe | vadtree | 2.6 MBs | Link | eba8afab96d1f99e61a59393e330fe5d | d55f4703ce1d7a7d4e81a309b6e1b5f7ff3d5051e29beb6add2be2ba8631593 | 1396 | explorer.exe | 2019-12-20 03:43:25 | C:\Windows\System32\VBoxTray.exe | ";C:\Windows\System32\VBoxTray.exe"; | |
| 588 | svchost.exe | vadtree | 27.14 KBs | Link | 756aa5a0152b59d237ee56583d1270e7 | 2133aa972ca8207dc7c47654938c89e9b56a420881f079738e317aa216253e5f | 484 | services.exe | 2019-12-20 03:41:54 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k DcomLaunch | |
| 628 | SearchProtocol | vadtree | 249.86 KBs | Link | 26783cea0b340040ea825101d3139b53 | ea0836c4c92f227086cc50f950c0c130c7676d9fa943290b72f76a1fd70011b0 | 1800 | SearchIndexer. | 2019-12-20 03:46:41 | ";C:\Windows\system32\SearchProtocolHost.exe"; Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 ";Software\Microsoft\Windows Search"; ";Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"; ";C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc"; ";DownLevelDaemon"; | ||
| 656 | VBoxService.ex | vadtree | 2.68 MBs | Link | da3ab9150ffc2b54394a15001397b9a0 | 7296e229b678d634d6f7fd81549e28ccd7da70594728a223e07fa90dcd220fee | 484 | services.exe | 2019-12-20 03:41:55 | C:\Windows\System32\VBoxService.exe | ||
| 668 | dllhost.exe | vadtree | 9.73 KBs | Link | 02ed8063eb31cd94f11a341570326f13 | 7fd4d8a7cffa6c868db82b9d9caff2b0812bac25a857f194c056102b35357c13 | 588 | svchost.exe | 2019-12-20 03:46:37 | C:\Windows\system32\DllHost.exe | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | |
| 724 | svchost.exe | vadtree | 27.14 KBs | Link | 5465af6e1a2ab766806b053bf7120130 | 7138caf286d53dc0bdba517d972babe6fe8c45cdf8003734a4476a821d23b07d | 484 | services.exe | 2019-12-20 03:41:56 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k RPCSS | |
| 780 | WerFault.exe | vadtree | 360.45 KBs | Link | 8cbc015f86e9e74f3790a0971644de2a | a7f4a00555376d00848d809a938578b9e5bbc4f3bc84ac8f697698f18f8bdc1b | 2632 | svchost.exe | 2019-12-20 03:48:01 | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 156 | |
| 820 | svchost.exe | vadtree | 27.14 KBs | Link | 412b25dc7e9470cf2e7b2af9a08b7c59 | ee484b1ca128a9bf8401c1d6e71ec568191cd1736beff45daa5a85ae78c9e4f5 | 484 | services.exe | 2019-12-20 03:41:57 | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | |
| 856 | svchost.exe | vadtree | 27.14 KBs | Link | 3e139d2d6fd45f9e1e4cc0975df0c34d | 5f92be8837493218185975318078e9996a39772db6662956f92d417e87169bb3 | 484 | services.exe | 2019-12-20 03:41:58 | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | |
| 880 | svchost.exe | vadtree | 27.14 KBs | Link | 244062f3ef0fadcc0c5e9cdd2432269f | 81e0fc8e6dd2e8ddc75a774b3a67213780c907c10cf60ca9922b115a152d4811 | 484 | services.exe | 2019-12-20 03:41:58 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs | |
| 968 | audiodg.exe | vadtree | 126.46 KBs | Link | fff6856f9fef3ffbd7af723062c85acc | e8709ac327675c03b874fc306739d535a038aeadf72ae7021dcdb2526ebe76e6 | 820 | svchost.exe | 2019-12-20 03:42:00 | C:\Windows\system32\AUDIODG.EXE | C:\Windows\system32\AUDIODG.EXE 0x2a8 | |
| 1044 | svchost.exe | vadtree | 27.14 KBs | Link | 347664cfea7a9e63e5c2ac1000dcd7ff | f7f35e44b9885187e6a99a587bd134317ba535e93f4ecfe723c92cd9d225b82d | 484 | services.exe | 2019-12-20 03:42:04 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k NetworkService | |
| 1128 | svchost.exe | vadtree | 27.14 KBs | Link | f8c546130624aedf72fb95b1e4a8b70f | 5c25fcaa18549b7321b62b5808fe2b707627053718498541aa9a3722e97daac9 | 484 | services.exe | 2019-12-20 03:44:31 | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k secsvcs | |
| 1140 | taskeng.exe | vadtree | 464.38 KBs | Link | 2854ba5c642a727f2dea02f8ebaf8aa7 | ecdc6fbc663df96c4d55ced7417d259705d1535a72319f9d989068e0ba57a825 | 880 | svchost.exe | 2019-12-20 03:43:19 | C:\Windows\system32\taskeng.exe | taskeng.exe {1CE5BA55-4ED9-45CF-89C9-63EFFA573860} | |
| 1172 | dwm.exe | vadtree | 120.32 KBs | Link | 938f64936ac66042afd0d3bbfc1e2648 | e9d1bb67bd8109243b9c8ee010534a7ccb9683f4a00a0dd06bd96c88a6ec374b | 856 | svchost.exe | 2019-12-20 03:43:19 | C:\Windows\system32\Dwm.exe | ";C:\Windows\system32\Dwm.exe"; | |
| 1232 | spoolsv.exe | vadtree | 559.1 KBs | Link | 608fd6be7a7338876b3491f80893295b | 36b63ecbeb993f818b826643f9166a8971a77ea783e1345c9288537fd4ed396a | 484 | services.exe | 2019-12-20 03:42:09 | C:\Windows\System32\spoolsv.exe | C:\Windows\System32\spoolsv.exe | |
| 1272 | svchost.exe | vadtree | 27.14 KBs | Link | eeb5ea8f891d030c93d070d388e6ae40 | c72875e279bef970efe747047200ed6be7cb4f72fd0a73b28f0fb177fc0f89c5 | 484 | services.exe | 2019-12-20 03:42:10 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | |
| 1372 | svchost.exe | vadtree | 27.14 KBs | Link | 2f431d1b255366da90b23e35e11cbfc4 | 1da4fe4aab7e3183a409ee3e6efd3534ce998a83b00d922b0b9e9df635a14038 | 484 | services.exe | 2019-12-20 03:42:12 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | |
| 1388 | NOTEPAD.EXE | vadtree | - | 1580 | explorer.exe | 2019-12-20 03:48:00 | ||||||
| 1396 | explorer.exe | vadtree | 2.87 MBs | Link | a099ef56f4d5834913891f3f99dc62b0 | 8f29f3b0be2791658d4dc9a69957163124d953d29795a30282b92519ef8e044e | 1180 | 2019-12-20 03:43:19 | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | ||
| 1416 | TCPSVCS.EXE | vadtree | 10.24 KBs | Link | 3f8cfe66879d287c6a28fa55ffe7283f | 176caadbd5268eb9eb7ebcb4f477a38fc3f0b62fbd89333a9f349cc2b1fca469 | 484 | services.exe | 2019-12-20 03:42:13 | C:\Windows\System32\tcpsvcs.exe | C:\Windows\System32\tcpsvcs.exe | |
| 1580 | explorer.exe | vadtree | 2.87 MBs | Link | 2867487887e7c32a48cfa0a3027a9787 | 6fe62f24416ac556810ba6b3923b873e326c8062174b370e96ecfbe8e588111d | 2256 | 2019-12-20 03:46:49 | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | ||
| 1800 | SearchIndexer. | vadtree | 593.41 KBs | Link | d94fe5e8425fdecea6e7b8cce05f6bf6 | 8742846caddc86f6874e1cf4cf6e09e830ed1c7440624434ddc0940d2a880bb2 | 484 | services.exe | 2019-12-20 03:43:36 | C:\Windows\system32\SearchIndexer.exe /Embedding | ||
| 1928 | wmpnetwk.exe | vadtree | 1.53 MBs | Link | 6142451d5f1a795801ca588727fe566e | e5d9692c0dfa443fd7c2aae40910b70a24e08e2c54b30e5463e9820c15770ec9 | 484 | services.exe | 2019-12-20 03:43:40 | C:\Program Files\Windows Media Player\wmpnetwk.exe | ";C:\Program Files\Windows Media Player\wmpnetwk.exe"; | |
| 1968 | taskhost.exe | vadtree | 69.12 KBs | Link | 434120086795000224f140a90f086dfc | 2a5e95d23b01588220ac45f8212842dd12d6401dd52f01ede6d3422abc27ca57 | 484 | services.exe | 2019-12-20 03:46:49 | C:\Windows\system32\taskhost.exe | ";taskhost.exe"; | |
| 1988 | csrss.exe | vadtree | 7.68 KBs | Link | 4fb6cf640a97f2a1fb03d0d6f559b740 | 9baa0e2e8532383e3bc15e0557a8b3adad64e3c19a0eadf3ae2f4d020315cbe0 | 364 | 2019-12-20 03:46:42 | C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | ||
| 2012 | taskhost.exe | vadtree | 69.12 KBs | Link | f1a7df93f7a4e0a71fc03a8c399fe74a | 103094b1f0dfa2c36aab27d22a8dcbc97d2247d48ba038a55b10825fa1307184 | 484 | services.exe | 2019-12-20 03:43:19 | C:\Windows\system32\taskhost.exe | ";taskhost.exe"; | |
| 2056 | NOTEPAD.EXE | vadtree | - | 1580 | explorer.exe | 2019-12-20 03:48:15 | ||||||
| 2120 | winlogon.exe | vadtree | 390.66 KBs | Link | ae44fd72a924a147dc9f60b3618c9e22 | 8386aa762e17f4cd4dad6a5dc253713e4e5ee8b136afd33856291b4ff9260415 | 364 | 2019-12-20 03:46:42 | C:\Windows\system32\winlogon.exe | winlogon.exe | ||
| 2144 | VBoxTray.exe | vadtree | 2.6 MBs | Link | f99cb626799da0be4bcb7649f6963e97 | c2f2f7ba6621528ab9f5984d1bed56d93c0823237be07b5fa6a67946db28652d | 1580 | explorer.exe | 2019-12-20 03:46:50 | C:\Windows\System32\VBoxTray.exe | ";C:\Windows\System32\VBoxTray.exe"; | |
| 2168 | WerFault.exe | vadtree | - | 2632 | svchost.exe | 2019-12-20 03:48:15 | ||||||
| 2208 | DumpIt.exe | vadtree | 199.68 KBs | Link | ebd60b253ef444f7fa0e1ff78a9086bc | cacb2b7e16be43ac25c0daed76ef30f28b0057dcbbe525807c0c2ba15d5c2b19 | 1580 | explorer.exe | 2019-12-20 03:47:39 | C:\Users\SmartNet\Downloads\DumpIt\DumpIt.exe | ";C:\Users\SmartNet\Downloads\DumpIt\DumpIt.exe"; | |
| 2296 | svchost.exe | vadtree | 27.14 KBs | Link | f2c0915ddc73236a8ac88f6309c36a5a | ec08efa61cccb17bf5e3923c52a25d03b960b08004162c83acd28353390ca4f2 | 484 | services.exe | 2019-12-20 03:43:45 | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServicePeerNet | |
| 2360 | dwm.exe | vadtree | 120.32 KBs | Link | a9e592651643fe356f13e44760111342 | 64f2491bcb85ecbae516e723f237089a5b9d803a04fc794ea24eec6289cffaaf | 856 | svchost.exe | 2019-12-20 03:46:49 | C:\Windows\system32\Dwm.exe | ";C:\Windows\system32\Dwm.exe"; | |
| 2572 | WmiPrvSE.exe | vadtree | 372.74 KBs | Link | b2d25a589037dab0a2f12dd5044c6be9 | b4693a547dc8f78d2d06097e67b38a53d34d94e3a3d1ab5ec634ab2fac257b6d | 588 | svchost.exe | 2019-12-20 03:43:56 | C:\Windows\system32\wbem\wmiprvse.exe | C:\Windows\system32\wbem\wmiprvse.exe | |
| 2608 | SearchFilterHo | vadtree | 113.66 KBs | Link | 0104bd9e7977c41cadf1151c0e1681d5 | c2148dbcca20375706b0ab26a689795300fc162313f6cac4353dd7f0e6f4856c | 1800 | SearchIndexer. | 2019-12-20 03:46:41 | ";C:\Windows\system32\SearchFilterHost.exe"; 0 504 508 516 65536 512 | ||
| 2612 | conhost.exe | vadtree | 337.92 KBs | Link | 7f63a63ad400cd618e91dfff6e797ada | 54f9934a1738e91d3c2ea2837ccb41daca338af7c9bdc87364276c75d368baaf | 1988 | csrss.exe | 2019-12-20 03:47:40 | C:\Windows\system32\conhost.exe | \??\C:\Windows\system32\conhost.exe | |
| 2632 | svchost.exe | vadtree | 27.14 KBs | Link | dd51c6ec11e31f2f229fcc9057c71b58 | 9baec73d349345cd9ea3e2a50f7bf0e077183ddbbd86ecc8709ac9de2a7582ab | 484 | services.exe | 2019-12-20 03:47:54 | C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k WerSvcGroup | |
| 2716 | WerFault.exe | vadtree | 360.45 KBs | Link | 88cb79026b8da91a46f29be3eb976d8f | fa3a9336620f60b599f65586c7d0d4a93430f05a880afd35c2bfd86bbd0805ae | 2632 | svchost.exe | 2019-12-20 03:47:54 | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 156 | |
| 2724 | NOTEPAD.EXE | vadtree | 69.12 KBs | Link | ceeb38b4b5df96a08fcd66031b4962cd | df3086477c84084fd749e3b6536c0c970b4f6a9a3de798314dedafbb1d527160 | 1580 | explorer.exe | 2019-12-20 03:47:53 | C:\Users\SmartNet\Videos\NOTEPAD.EXE | ";C:\Users\SmartNet\Videos\NOTEPAD.EXE"; | |
| 2744 | notepad.exe | vadtree | 193.54 KBs | Link | 381b0d9c537b8df70bbb613e1230d8ff | efe5278cdac2bb1b39f757f0d54aa12c0270752d10476e43274fd1cd1cb4aa3d | 1580 | explorer.exe | 2019-12-20 03:47:21 | C:\Windows\system32\notepad.exe | ";C:\Windows\system32\notepad.exe"; | |
| 2924 | WinRAR.exe | vadtree | 2.35 MBs | Link | d53dfa709cd8b6533f605ff4fc6800a6 | 35033c09c1ce2c3f81d1c00661a6e21f299e92698b8e7994b47297c7755675ca | 1580 | explorer.exe | 2019-12-20 03:47:13 | C:\Program Files\WinRAR\WinRAR.exe | ";C:\Program Files\WinRAR\WinRAR.exe"; ";C:\Users\SmartNet\Documents\SW1wb3J0YW50.rar"; | |
| 2940 | sppsvc.exe | vadtree | 3.52 MBs | Link | c48860c3fb2d39c01fbed7536cd2f2e5 | 53ece74253942c313fee2518796edf05cf0290ed0ae2d945b62145801a123edb | 484 | services.exe | 2019-12-20 03:44:24 | C:\Windows\system32\sppsvc.exe | C:\Windows\system32\sppsvc.exe |
Xavier Memory Analysis Framework vrs2.114 by Solomon Sonya @Carpenter1010 - 2022-01-18-01:46.11