elysiumstealer | 48ee8d72d38ee855eafaf022a158d649d32e1b4e919e7b6f8d8b94ce47e43e98

Resubmissions

19-02-2023 16:10

230219-tmlzdsfh96 10

19-02-2023 16:06

230219-tj4p2afd3z 10

19-02-2023 16:05

230219-tjjd4afh92 10

19-02-2023 16:04

230219-th18hsfd3x 10

Analysis

max time kernel
152s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20221111-ja
resource tags

arch:x64arch:x86image:win10v2004-20221111-jalocale:ja-jpos:windows10-2004-x64systemwindows
submitted
19-02-2023 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VTProblem-VM (2).exe
Size

232KB
MD5

517b49453e545a36c8f1a3bc33251cc5
SHA1

e8a06fdbfbb2dc8052ede370bd977da819224a0d
SHA256

48ee8d72d38ee855eafaf022a158d649d32e1b4e919e7b6f8d8b94ce47e43e98
SHA512

a477ff24d032418ca17951d69cbcd77eb0d56784d96e58505077c69ead5fe0787869a756a8fb00f9c61a7aa4adb8c026acd571b6f330cae87ca020b5f498c9fe
SSDEEP

6144:Iio6TsKXWMLMJsVX+J4WAQ9mhYHuOjwae9fDjxExnDE7RPiA0:IA4QWCHX+JSQ9mhYHuOjwae9fDjxExnI

Score

10^/10

elysiumstealer stealer

Malware Config

Signatures

ElysiumStealer
ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
stealer elysiumstealer

ElysiumStealer Support DLL 63 IoCs

resource	yara_rule
behavioral2/files/0x000600000002265f-134.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-148.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-149.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-158.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-167.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-178.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-193.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-198.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-200.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-210.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-211.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-212.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-214.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-215.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-216.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-217.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-218.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-219.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-220.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-221.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-223.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-222.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-224.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-226.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-227.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-228.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-230.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-229.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-233.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-231.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-225.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-232.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-235.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-234.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-237.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-236.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-239.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-240.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-238.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-244.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-242.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-245.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-243.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-241.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-246.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-247.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-248.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-251.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-250.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-252.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-249.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-253.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-254.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-260.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-261.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-259.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-258.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-262.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-264.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-263.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-257.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-256.dat	elysiumstealer_dll
behavioral2/files/0x000600000002265f-255.dat	elysiumstealer_dll

Blocklisted process makes network request 64 IoCs

flow	pid	Process
101	5644	WMIC.exe
102	2080	cmd.exe
106	2988	WMIC.exe
111	5644	WMIC.exe
112	2080	cmd.exe
116	6668	WMIC.exe
118	5944	WMIC.exe
123	5580	cmd.exe
124	6184	cmd.exe
125	6560	WMIC.exe
128	2988	WMIC.exe
131	6184	cmd.exe
135	5644	WMIC.exe
137	2080	cmd.exe
138	5580	cmd.exe
141	6668	WMIC.exe
143	5944	WMIC.exe
146	6560	WMIC.exe
149	6668	WMIC.exe
151	5580	cmd.exe
154	5944	WMIC.exe
157	6184	cmd.exe
158	2988	WMIC.exe
159	5644	WMIC.exe
160	2080	cmd.exe
161	6560	WMIC.exe
166	6668	WMIC.exe
168	5580	cmd.exe
170	6184	cmd.exe
175	5944	WMIC.exe
178	2988	WMIC.exe
179	6560	WMIC.exe
180	5644	WMIC.exe
182	2080	cmd.exe
183	5580	cmd.exe
184	6668	WMIC.exe
186	2988	WMIC.exe
191	5944	WMIC.exe
195	5644	WMIC.exe
196	2080	cmd.exe
198	6184	cmd.exe
199	5580	cmd.exe
200	6668	WMIC.exe
204	2988	WMIC.exe
210	5644	WMIC.exe
211	6560	WMIC.exe
212	2080	cmd.exe
213	5944	WMIC.exe
215	5580	cmd.exe
216	6668	WMIC.exe
220	6184	cmd.exe
228	5944	WMIC.exe
229	6668	WMIC.exe
230	5580	cmd.exe
231	6560	WMIC.exe
232	6184	cmd.exe
239	5944	WMIC.exe
240	6560	WMIC.exe
242	6184	cmd.exe
246	6560	WMIC.exe
251	1900	cmd.exe
256	6372	cmd.exe
263	1296	WMIC.exe
292	4492	Process not Found

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	WMIC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	WMIC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe

Loads dropped DLL 64 IoCs

pid	Process
1892	VTProblem-VM (2).exe
3740	VTProblem-VM (2).exe
4760	VTProblem-VM (2).exe
4004	VTProblem-VM (2).exe
2988	VTProblem-VM (2).exe
5416	VTProblem-VM (2).exe
5644	VTProblem-VM (2).exe
5680	VTProblem-VM (2).exe
2080	VTProblem-VM (2).exe
5184	VTProblem-VM (2).exe
4976	VTProblem-VM (2).exe
5944	VTProblem-VM (2).exe
3692	VTProblem-VM (2).exe
5984	VTProblem-VM (2).exe
6088	VTProblem-VM (2).exe
5580	VTProblem-VM (2).exe
5324	VTProblem-VM (2).exe
6184	VTProblem-VM (2).exe
6560	WMIC.exe
6584	Process not Found
6648	VTProblem-VM (2).exe
6668	WMIC.exe
6972	VTProblem-VM (2).exe
6208	VTProblem-VM (2).exe
6880	VTProblem-VM (2).exe
7116	VTProblem-VM (2).exe
4492	VTProblem-VM (2).exe
7064	VTProblem-VM (2).exe
6216	VTProblem-VM (2).exe
1296	VTProblem-VM (2).exe
220	VTProblem-VM (2).exe
3696	VTProblem-VM (2).exe
3740	VTProblem-VM (2).exe
4772	VTProblem-VM (2).exe
4692	VTProblem-VM (2).exe
6104	VTProblem-VM (2).exe
524	VTProblem-VM (2).exe
5924	VTProblem-VM (2).exe
1720	VTProblem-VM (2).exe
5172	VTProblem-VM (2).exe
1900	VTProblem-VM (2).exe
3196	VTProblem-VM (2).exe
5416	VTProblem-VM (2).exe
6708	VTProblem-VM (2).exe
6280	VTProblem-VM (2).exe
7160	VTProblem-VM (2).exe
6372	VTProblem-VM (2).exe
1964	VTProblem-VM (2).exe
6488	VTProblem-VM (2).exe
6812	VTProblem-VM (2).exe
6848	VTProblem-VM (2).exe
7068	VTProblem-VM (2).exe
7188	VTProblem-VM (2).exe
7308	VTProblem-VM (2).exe
7412	VTProblem-VM (2).exe
7812	VTProblem-VM (2).exe
7696	VTProblem-VM (2).exe
8100	VTProblem-VM (2).exe
8048	VTProblem-VM (2).exe
8168	VTProblem-VM (2).exe
6540	VTProblem-VM (2).exe
3436	VTProblem-VM (2).exe
4416	VTProblem-VM (2).exe
8248	VTProblem-VM (2).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
15444	1008	Process not Found	10

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
10904	Process not Found
11764	Process not Found
15056	Process not Found
6484	tasklist.exe
9236	tasklist.exe
13596	Process not Found
9848	Process not Found
872	Process not Found
2752	tasklist.exe
13940	Process not Found
7948	Process not Found
11272	Process not Found
4104	Process not Found
6504	tasklist.exe
5908	tasklist.exe
7616	tasklist.exe
8624	tasklist.exe
10192	tasklist.exe
4612	tasklist.exe
13284	Process not Found
15556	Process not Found
7024	tasklist.exe
2608	Process not Found
9024	Process not Found
16292	Process not Found
10956	Process not Found
7264	tasklist.exe
6084	tasklist.exe
6796	tasklist.exe
5860	Process not Found
3036	Process not Found
8132	tasklist.exe
9600	tasklist.exe
8960	tasklist.exe
2260	Process not Found
5552	tasklist.exe
13996	Process not Found
9456	tasklist.exe
15012	Process not Found
10148	tasklist.exe
6792	tasklist.exe
12052	Process not Found
8704	tasklist.exe
13720	Process not Found
12300	Process not Found
6152	tasklist.exe
9704	tasklist.exe
9260	tasklist.exe
14772	Process not Found
5320	tasklist.exe
10440	Process not Found
10432	Process not Found
13528	Process not Found
1796	tasklist.exe
8256	Process not Found
7372	Process not Found
7140	tasklist.exe
6888	tasklist.exe
7676	Process not Found
15136	Process not Found
10208	Process not Found
14408	Process not Found
9456	Process not Found
6108	tasklist.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1892	VTProblem-VM (2).exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
3740	VTProblem-VM (2).exe
3740	VTProblem-VM (2).exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
4760	VTProblem-VM (2).exe
4760	VTProblem-VM (2).exe
1528	Taskmgr.exe
1528	Taskmgr.exe
4004	VTProblem-VM (2).exe
4004	VTProblem-VM (2).exe
1528	Taskmgr.exe
2988	VTProblem-VM (2).exe
2988	VTProblem-VM (2).exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
5416	VTProblem-VM (2).exe
5416	VTProblem-VM (2).exe
1528	Taskmgr.exe
5644	VTProblem-VM (2).exe
5644	VTProblem-VM (2).exe
5680	VTProblem-VM (2).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1528	Taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1892	VTProblem-VM (2).exe
Token: SeIncreaseQuotaPrivilege	3292	WMIC.exe
Token: SeSecurityPrivilege	3292	WMIC.exe
Token: SeTakeOwnershipPrivilege	3292	WMIC.exe
Token: SeLoadDriverPrivilege	3292	WMIC.exe
Token: SeSystemProfilePrivilege	3292	WMIC.exe
Token: SeSystemtimePrivilege	3292	WMIC.exe
Token: SeProfSingleProcessPrivilege	3292	WMIC.exe
Token: SeIncBasePriorityPrivilege	3292	WMIC.exe
Token: SeCreatePagefilePrivilege	3292	WMIC.exe
Token: SeBackupPrivilege	3292	WMIC.exe
Token: SeRestorePrivilege	3292	WMIC.exe
Token: SeShutdownPrivilege	3292	WMIC.exe
Token: SeDebugPrivilege	3292	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3292	WMIC.exe
Token: SeRemoteShutdownPrivilege	3292	WMIC.exe
Token: SeUndockPrivilege	3292	WMIC.exe
Token: SeManageVolumePrivilege	3292	WMIC.exe
Token: 33	3292	WMIC.exe
Token: 34	3292	WMIC.exe
Token: 35	3292	WMIC.exe
Token: 36	3292	WMIC.exe
Token: SeDebugPrivilege	1528	Taskmgr.exe
Token: SeSystemProfilePrivilege	1528	Taskmgr.exe
Token: SeCreateGlobalPrivilege	1528	Taskmgr.exe
Token: SeIncreaseQuotaPrivilege	3292	WMIC.exe
Token: SeSecurityPrivilege	3292	WMIC.exe
Token: SeTakeOwnershipPrivilege	3292	WMIC.exe
Token: SeLoadDriverPrivilege	3292	WMIC.exe
Token: SeSystemProfilePrivilege	3292	WMIC.exe
Token: SeSystemtimePrivilege	3292	WMIC.exe
Token: SeProfSingleProcessPrivilege	3292	WMIC.exe
Token: SeIncBasePriorityPrivilege	3292	WMIC.exe
Token: SeCreatePagefilePrivilege	3292	WMIC.exe
Token: SeBackupPrivilege	3292	WMIC.exe
Token: SeRestorePrivilege	3292	WMIC.exe
Token: SeShutdownPrivilege	3292	WMIC.exe
Token: SeDebugPrivilege	3292	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3292	WMIC.exe
Token: SeRemoteShutdownPrivilege	3292	WMIC.exe
Token: SeUndockPrivilege	3292	WMIC.exe
Token: SeManageVolumePrivilege	3292	WMIC.exe
Token: 33	3292	WMIC.exe
Token: 34	3292	WMIC.exe
Token: 35	3292	WMIC.exe
Token: 36	3292	WMIC.exe
Token: SeIncreaseQuotaPrivilege	220	WMIC.exe
Token: SeSecurityPrivilege	220	WMIC.exe
Token: SeTakeOwnershipPrivilege	220	WMIC.exe
Token: SeLoadDriverPrivilege	220	WMIC.exe
Token: SeSystemProfilePrivilege	220	WMIC.exe
Token: SeSystemtimePrivilege	220	WMIC.exe
Token: SeProfSingleProcessPrivilege	220	WMIC.exe
Token: SeIncBasePriorityPrivilege	220	WMIC.exe
Token: SeCreatePagefilePrivilege	220	WMIC.exe
Token: SeBackupPrivilege	220	WMIC.exe
Token: SeRestorePrivilege	220	WMIC.exe
Token: SeShutdownPrivilege	220	WMIC.exe
Token: SeDebugPrivilege	220	WMIC.exe
Token: SeSystemEnvironmentPrivilege	220	WMIC.exe
Token: SeRemoteShutdownPrivilege	220	WMIC.exe
Token: SeUndockPrivilege	220	WMIC.exe
Token: SeManageVolumePrivilege	220	WMIC.exe
Token: 33	220	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe
1528	Taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1528	1892	VTProblem-VM (2).exe	83
PID 1892 wrote to memory of 1528	1892	VTProblem-VM (2).exe	83
PID 1892 wrote to memory of 1528	1892	VTProblem-VM (2).exe	83
PID 1892 wrote to memory of 4772	1892	VTProblem-VM (2).exe	84
PID 1892 wrote to memory of 4772	1892	VTProblem-VM (2).exe	84
PID 1892 wrote to memory of 4772	1892	VTProblem-VM (2).exe	84
PID 4772 wrote to memory of 3292	4772	cmd.exe	86
PID 4772 wrote to memory of 3292	4772	cmd.exe	86
PID 4772 wrote to memory of 3292	4772	cmd.exe	86
PID 4772 wrote to memory of 220	4772	cmd.exe	87
PID 4772 wrote to memory of 220	4772	cmd.exe	87
PID 4772 wrote to memory of 220	4772	cmd.exe	87
PID 4772 wrote to memory of 5076	4772	cmd.exe	88
PID 4772 wrote to memory of 5076	4772	cmd.exe	88
PID 4772 wrote to memory of 5076	4772	cmd.exe	88
PID 4772 wrote to memory of 1404	4772	cmd.exe	89
PID 4772 wrote to memory of 1404	4772	cmd.exe	89
PID 4772 wrote to memory of 1404	4772	cmd.exe	89
PID 4772 wrote to memory of 3268	4772	cmd.exe	90
PID 4772 wrote to memory of 3268	4772	cmd.exe	90
PID 4772 wrote to memory of 3268	4772	cmd.exe	90
PID 4772 wrote to memory of 1900	4772	cmd.exe	91
PID 4772 wrote to memory of 1900	4772	cmd.exe	91
PID 4772 wrote to memory of 1900	4772	cmd.exe	91
PID 1892 wrote to memory of 2104	1892	VTProblem-VM (2).exe	92
PID 1892 wrote to memory of 2104	1892	VTProblem-VM (2).exe	92
PID 1892 wrote to memory of 2104	1892	VTProblem-VM (2).exe	92
PID 2104 wrote to memory of 2880	2104	cmd.exe	94
PID 2104 wrote to memory of 2880	2104	cmd.exe	94
PID 2104 wrote to memory of 2880	2104	cmd.exe	94
PID 3740 wrote to memory of 4492	3740	VTProblem-VM (2).exe	113
PID 3740 wrote to memory of 4492	3740	VTProblem-VM (2).exe	113
PID 3740 wrote to memory of 4492	3740	VTProblem-VM (2).exe	113
PID 3740 wrote to memory of 4320	3740	VTProblem-VM (2).exe	114
PID 3740 wrote to memory of 4320	3740	VTProblem-VM (2).exe	114
PID 3740 wrote to memory of 4320	3740	VTProblem-VM (2).exe	114
PID 4320 wrote to memory of 4756	4320	cmd.exe	116
PID 4320 wrote to memory of 4756	4320	cmd.exe	116
PID 4320 wrote to memory of 4756	4320	cmd.exe	116
PID 4320 wrote to memory of 920	4320	cmd.exe	117
PID 4320 wrote to memory of 920	4320	cmd.exe	117
PID 4320 wrote to memory of 920	4320	cmd.exe	117
PID 4320 wrote to memory of 3224	4320	cmd.exe	118
PID 4320 wrote to memory of 3224	4320	cmd.exe	118
PID 4320 wrote to memory of 3224	4320	cmd.exe	118
PID 4320 wrote to memory of 2920	4320	cmd.exe	119
PID 4320 wrote to memory of 2920	4320	cmd.exe	119
PID 4320 wrote to memory of 2920	4320	cmd.exe	119
PID 4320 wrote to memory of 612	4320	cmd.exe	120
PID 4320 wrote to memory of 612	4320	cmd.exe	120
PID 4320 wrote to memory of 612	4320	cmd.exe	120
PID 4320 wrote to memory of 4940	4320	cmd.exe	121
PID 4320 wrote to memory of 4940	4320	cmd.exe	121
PID 4320 wrote to memory of 4940	4320	cmd.exe	121
PID 3740 wrote to memory of 2352	3740	VTProblem-VM (2).exe	123
PID 3740 wrote to memory of 2352	3740	VTProblem-VM (2).exe	123
PID 3740 wrote to memory of 2352	3740	VTProblem-VM (2).exe	123
PID 4760 wrote to memory of 4908	4760	VTProblem-VM (2).exe	125
PID 4760 wrote to memory of 4908	4760	VTProblem-VM (2).exe	125
PID 4760 wrote to memory of 4908	4760	VTProblem-VM (2).exe	125
PID 4760 wrote to memory of 1976	4760	VTProblem-VM (2).exe	126
PID 4760 wrote to memory of 1976	4760	VTProblem-VM (2).exe	126
PID 4760 wrote to memory of 1976	4760	VTProblem-VM (2).exe	126
PID 2352 wrote to memory of 4388	2352	cmd.exe	128

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1528
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4772
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3292
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:220
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5076
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:1404
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3268
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:1900
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:2880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4492
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4756
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3224
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:2920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:612
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4940
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:4388

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:1976
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:3860
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4424
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:3416
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:392
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:1928
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:1324
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2752

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4004
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3992
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5076
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:3716
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:3384
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1492
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:1536
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:2632
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:3968
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:1796

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2988
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:904
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2768
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:2308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3384
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5128
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5168
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5236
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5276
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:5320

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5416
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5512
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5532
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5584
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5672
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5860
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6040
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5284
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5912
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6052
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:312
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6852
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:3344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7144
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8064
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7092

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5644
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5768
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5784
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6060
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2492
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:3224
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5868
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5160
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:3036
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6108

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5680
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5872
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5888
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5988
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
      4⤵
      PID:9752
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6084
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3332
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6092
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5204
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:1536
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:5996

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2080
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3252
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5340
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5584
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6104
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6072
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5868
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5196
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5800
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6100

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5184
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5592
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5624
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5884
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5148
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5940
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:4608
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5208
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5560
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6128

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4976
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5720
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5200
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3860
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6132
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5268
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5852
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
      4⤵
      PID:4040
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5528
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6048

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5944
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5336
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5540
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6500
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6296
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6368
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:1140
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5452
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6152

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3692
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6080
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6000
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:616
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3756
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6600
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6468
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6832
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6620
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6504

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5984
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5292
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6216
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6760
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6476
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7108
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6340
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6068
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6600
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7164
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:7004

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6088
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5876
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5884
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6408
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6976
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6520
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6884
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5676
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6200
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6172

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5580
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4348
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6340
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6776
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6400
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6700
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7084
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7072
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3332
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6608
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:7140
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      PID:9244

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5324
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6348
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6208
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6980
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:1256
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6720
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6440
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6332
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5900
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6780

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6184
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6492
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6508
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7080
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7032
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6760
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6472
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6980
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:7024
- C:\Windows\SysWOW64\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:8960

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6584
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6940
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6960
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6372
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6852
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7024
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6372
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6456
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6304
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:9260

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6560
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6872
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6368
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6528
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6532
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6708
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6252
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6860
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6404
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:5552

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:6648
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6992
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6264
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7048
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6980
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6292
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6952
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6400
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6888

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6668
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7128
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6864
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6208
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6852
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6196
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6764
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:5908

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6208
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:3996
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6704
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5352
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3504
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4332
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5376
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7236
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:8704

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7116
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5248
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5996
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6676
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6812
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:2580
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6704
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9168

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6972
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5804
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6560
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6596
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6696
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:1912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4376
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5176
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5744

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6880
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6856
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6660
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7036
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6464
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5136
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5152
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7760
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6484

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6216
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6304
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  - Blocklisted process makes network request
  PID:5580
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:2188
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6688
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6540
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4852
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9620
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:7380

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7064
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5876
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6196
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5300
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3992
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7044
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6844
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:2716

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4492
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5476
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6992
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:2012
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2352
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:2012
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:4416
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:3672
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5720
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8952
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:3460

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1296
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7040
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5892
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6628
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:988
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7548
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6956
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6368

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:1780
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6784
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6152
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6240
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6368
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:7264
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8040
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6492
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6720
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:9456

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3696
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6680
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5972
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6580
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8380
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5124
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6288
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9732

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:220
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6788
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6764
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:764
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1704
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5940
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6932
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7300
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6588
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7944

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4692
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6224
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5928
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:752
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    - Blocklisted process makes network request
    - Checks computer location settings
    - Loads dropped DLL
    PID:6560
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5180
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6164
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4164
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:9704

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:524
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6420
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6356
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6384
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3584
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7644
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6244
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7600
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:8132

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1720
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5880
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    - Blocklisted process makes network request
    PID:5644
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2080
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5892
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8620
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6644
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9228

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5924
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5832
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:2584
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8352
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5392
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8544
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9684

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    - Blocklisted process makes network request
    - Checks computer location settings
    - Loads dropped DLL
    PID:6668
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:4868
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5420
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7196
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7356

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:4772
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5712
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:2328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5660
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:3728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:4080
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7176
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5636
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7140

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1900
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5456
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6580
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    - Blocklisted process makes network request
    PID:2988
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6652
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5292
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9808
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:7684

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5172
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6340
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5136
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6556
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4376
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5744
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      PID:8944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6840
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7820
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5324
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5468

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3196
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6268
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7132
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6464
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:4332
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6652
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5664
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5792
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6152
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8588
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9572

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6708
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:2988
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:4416
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5352
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6004
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6508
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5652
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1232
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9628
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9296

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5416
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4356
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9412

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:6280
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8160
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1688
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7080
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10168
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9056
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5760
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:3156
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6252
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:4612

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8712
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5452
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6884
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7912
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8852
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:8884

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6488
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7876
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8700
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6056
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9532
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6200
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:988
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7804
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6472
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7544
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9784

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6848
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7952
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9176
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9364
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8848
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      PID:1608
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9644
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6400
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8848

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6812
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1172
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7272
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5664
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6380
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4864
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:1316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6600
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9536
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:1196

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7068
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9504
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9844
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8424
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7104
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:10144
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10076
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6176
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:400

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6372
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7860
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8612
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7544
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6732
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9752
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6932
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8604
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8356
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7848
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7792
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:10148

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9956
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4600
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:1256
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9424
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8356
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8628
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6072
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6084

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7188
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8364
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9636
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6572
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6536
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9976
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9540
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8300
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6456

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7160
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7676
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9540
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8160
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6860
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7668
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9984
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:9176
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9016

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:7412
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8656
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9748
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8984
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6192
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9660
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8640
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7008
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:7924
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6536

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7812
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8004
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9676
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7976
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6056
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7556
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8748
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5300
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:9844
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:10192

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8048
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7572
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:2524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6692
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8680

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:8100
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2112
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6012
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6072
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:668
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9164
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8784
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9524

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:8168
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9132
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2552
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7136
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9936
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9580
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9096
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:2488

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6540
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9212
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9372
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6188
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:1236
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8716
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9204
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7784
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:3268

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3436
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8700
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6176
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6396
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9272
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9196
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9980
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6796

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:5420
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3132
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2572
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9608
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9916
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  - Blocklisted process makes network request
  PID:2080
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:4452

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4416
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8312
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6480
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9452
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6936
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6312
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:6396

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8248
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5108
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6692
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8708
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9748
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4380
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  - Blocklisted process makes network request
  PID:6184

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7696
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8668
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8776
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8000
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10004
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5116
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9600
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8556
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6824
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:9600
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7316

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:8648
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7844
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:2488
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:9336
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      PID:9156
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:2488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9640
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9364
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9544
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2620
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9676
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:8916

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:8044

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:6428

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:6792

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6864

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:2188

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:7852

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:1796

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:8592

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:6900

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:7616

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:9476

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:9876

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:10012

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:10024

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:9976

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:10208

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
- Blocklisted process makes network request
PID:5944

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:9236

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:7568

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8624

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:7136

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:3772

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:6536

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic baseboard get Manufacturer,Product,SerialNumber
1⤵
PID:9056

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6840

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:7428

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6856

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6200

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:9532

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:2524

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:2552

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:10044
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6640
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6332
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:11144
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2496

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:6904
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5156
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9660
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7556
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10856

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5508
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8764
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:4396
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6228

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:9588
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5784
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7072
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8576
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6948

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:2312
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5132
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9224
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9468

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:5808
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8276
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9472
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10024

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:3576
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6824
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7668
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9132

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5844
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7916
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10184
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4420
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8948

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:2416
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7304
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5924

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:4976
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5148
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4940
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5088
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2612

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6156
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9108
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9248
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7760

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8976
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9804
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5500
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6976

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:2256
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1140
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5292
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:3808

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7592
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7468
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8140
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4888

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7128
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9192
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7352
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10400
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6020

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9124
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  - Blocklisted process makes network request
  PID:6372
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5552
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3728

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6628
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9380
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    - Blocklisted process makes network request
    PID:1296
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10392
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7656

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6236
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5104
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:3692
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10492
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7612

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:2640
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10384
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6940

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7408
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6400
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5352
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10644
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8864

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5996
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8128
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6804
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9868
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10368

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6652
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8680
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10544
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5580

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8712
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8852
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8588
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10716
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8624

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8728
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7952
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7616
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10724
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5172

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:10088
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  - Blocklisted process makes network request
  PID:1900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10352
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8236

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9072
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6300
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7832
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7364

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7436
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5300
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5676
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10732
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7876

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8740
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6664
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6528
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:2188

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6684
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5988
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8136

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5476
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8980
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9464
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6644

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:2768
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6224
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7464
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1500

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5496
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5852
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6032

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6256
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:3276
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7804
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6656

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:3956
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7372
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6992

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8296
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5644
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9992

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9032
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5688
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4796
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7800

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6740
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7140
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9360
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10212
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9864

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8312
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8268
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:3968

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:4496
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8996
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:1168
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:11152
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9092

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9960
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9156
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:3504
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:11016
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7092

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5516
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8156
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7368
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3780

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5376
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1692
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6316

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6268
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5976
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5652
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6260

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8612
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7784
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5084

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6264
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9536
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:2184
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9488

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5952
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7472
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5404
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5436

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7224
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8568
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4856
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10300

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9708
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8088
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4176

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6840
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2352
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10256
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7624

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5428
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10700
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10224

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:1096
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10708
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5184

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9932
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8252
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:11176

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7056
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10872
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10852

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6996
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8052

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9140
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:11124
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11096

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:4668
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10768
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10780

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:3096
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10508
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10464

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9492
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10272
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6352
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7544

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:3132

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
PID:5944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VTProblem-VM (2).exe.log

Filesize
1KB

MD5
68210ac86590d0ea9ffa04671036ecf3

SHA1
fbda2894df40e613bafe99e39f76f8fce11ccffa

SHA256
3e35b35f99745a7a97e4fd81be55ab4a396cab57aeeff6de2c999cbcc03deae5

SHA512
c8f9dbd69b4444e93b738e7ded21125b79ed3b28ebbd154cf250768ee62f6c3f016a1db4a9c1dbb4b5f7dca878182a90c83a9a9f7051ef2be7aecce81be20b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
memory/1892-133-0x00000000057D0000-0x0000000005D74000-memory.dmp

Filesize
5.6MB

Download
memory/1892-145-0x00000000061F0000-0x0000000006282000-memory.dmp

Filesize
584KB

Download
memory/1892-146-0x0000000007DD0000-0x0000000007EDE000-memory.dmp

Filesize
1.1MB

Download
memory/1892-132-0x0000000000730000-0x0000000000770000-memory.dmp

Filesize
256KB

Download
memory/4760-213-0x00000000079F0000-0x0000000007A38000-memory.dmp

Filesize
288KB

Download
memory/10068-265-0x00000000075F0000-0x0000000007602000-memory.dmp

Filesize
72KB

Download