elysiumstealer | 48ee8d72d38ee855eafaf022a158d649d32e1b4e919e7b6f8d8b94ce47e43e98

Resubmissions

19-02-2023 16:10

230219-tmlzdsfh96 10

19-02-2023 16:06

230219-tj4p2afd3z 10

19-02-2023 16:05

230219-tjjd4afh92 10

19-02-2023 16:04

230219-th18hsfd3x 10

Analysis

max time kernel
203s
max time network
365s
platform
windows10-2004_x64
resource
win10v2004-20220812-de
resource tags

arch:x64arch:x86image:win10v2004-20220812-delocale:de-deos:windows10-2004-x64systemwindows
submitted
19-02-2023 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VTProblem-VM (2).exe
Size

232KB
MD5

517b49453e545a36c8f1a3bc33251cc5
SHA1

e8a06fdbfbb2dc8052ede370bd977da819224a0d
SHA256

48ee8d72d38ee855eafaf022a158d649d32e1b4e919e7b6f8d8b94ce47e43e98
SHA512

a477ff24d032418ca17951d69cbcd77eb0d56784d96e58505077c69ead5fe0787869a756a8fb00f9c61a7aa4adb8c026acd571b6f330cae87ca020b5f498c9fe
SSDEEP

6144:Iio6TsKXWMLMJsVX+J4WAQ9mhYHuOjwae9fDjxExnDE7RPiA0:IA4QWCHX+JSQ9mhYHuOjwae9fDjxExnI

Score

10^/10

elysiumstealer stealer

Malware Config

Signatures

ElysiumStealer
ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
stealer elysiumstealer

ElysiumStealer Support DLL 17 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll	elysiumstealer_dll

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

VTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exeVTProblem-VM (2).exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	VTProblem-VM (2).exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
2348	VTProblem-VM (2).exe
4820	VTProblem-VM (2).exe
5480	VTProblem-VM (2).exe
4808	VTProblem-VM (2).exe
1196	VTProblem-VM (2).exe
2888	VTProblem-VM (2).exe
1140	VTProblem-VM (2).exe
5744	VTProblem-VM (2).exe
5052	VTProblem-VM (2).exe
1980	VTProblem-VM (2).exe
3820	VTProblem-VM (2).exe
1700	VTProblem-VM (2).exe
2996	VTProblem-VM (2).exe
4868	VTProblem-VM (2).exe
972	VTProblem-VM (2).exe
2132	VTProblem-VM (2).exe
1184	VTProblem-VM (2).exe
2616	VTProblem-VM (2).exe
5400	VTProblem-VM (2).exe
5388	VTProblem-VM (2).exe
6000	VTProblem-VM (2).exe
5464	VTProblem-VM (2).exe
2112	VTProblem-VM (2).exe
6108	VTProblem-VM (2).exe
5384	VTProblem-VM (2).exe
2648	VTProblem-VM (2).exe
6128	VTProblem-VM (2).exe
5372	VTProblem-VM (2).exe
4840	VTProblem-VM (2).exe
568	VTProblem-VM (2).exe
4104	VTProblem-VM (2).exe
3632	VTProblem-VM (2).exe
2812	VTProblem-VM (2).exe
2564	VTProblem-VM (2).exe
3648	VTProblem-VM (2).exe
5912	VTProblem-VM (2).exe
6180	VTProblem-VM (2).exe
5596	VTProblem-VM (2).exe
5860	VTProblem-VM (2).exe
6308	VTProblem-VM (2).exe
6292	VTProblem-VM (2).exe
6472	VTProblem-VM (2).exe
6740	VTProblem-VM (2).exe
7184	VTProblem-VM (2).exe
7292	VTProblem-VM (2).exe
7300	VTProblem-VM (2).exe
7472	VTProblem-VM (2).exe
7676	VTProblem-VM (2).exe
7744	VTProblem-VM (2).exe
8136	VTProblem-VM (2).exe
8416	VTProblem-VM (2).exe
8592	VTProblem-VM (2).exe
8872	VTProblem-VM (2).exe
10152
9528	VTProblem-VM (2).exe
7820	VTProblem-VM (2).exe
8932
8860	VTProblem-VM (2).exe
10172
8728	VTProblem-VM (2).exe
7364
3416	VTProblem-VM (2).exe
10056	VTProblem-VM (2).exe
9572	VTProblem-VM (2).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

pid pid_target process target process

15876 4564
14468 1020

pid	pid_target	process	target process
15876	4564
14468	1020

Checks SCSI registry key(s) 3 TTPs 30 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exeTaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid	process
9080
15284
12672
14856
5128
12772	tasklist.exe
11708
13864
14476
11028
3280	tasklist.exe
7388
15032
11056	tasklist.exe
6104
1148
14956
8660
10388
12324	tasklist.exe
14600
13224
5200	tasklist.exe
8184
14000	tasklist.exe
4816	tasklist.exe
12928
4816
14772
7404
13448	tasklist.exe
15052	tasklist.exe
12484	tasklist.exe
9024	tasklist.exe
448
12092	tasklist.exe
6336	tasklist.exe
14976
13636
9236
13404
3044	tasklist.exe
3856	tasklist.exe
12504	tasklist.exe
10096
10364	tasklist.exe
12612
12064
12064
6200
9548
10868
15892
14976
7968	tasklist.exe
10188
7676
9284
8856	tasklist.exe
8148	tasklist.exe
8092
16328
15324
14580

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 35 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

2940 vlc.exe

pid	process
2940	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

VTProblem-VM (2).exeTaskmgr.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
2348	VTProblem-VM (2).exe
4932	Taskmgr.exe
4932	Taskmgr.exe
3612	chrome.exe
3612	chrome.exe
3716	chrome.exe
3716	chrome.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4848	chrome.exe
4848	chrome.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
1536	chrome.exe
1536	chrome.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
2944	chrome.exe
2944	chrome.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

2940 vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3716 chrome.exe
3716 chrome.exe
3716 chrome.exe
3716 chrome.exe
3716 chrome.exe
3716 chrome.exe

pid	process
2940	vlc.exe

pid	process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

VTProblem-VM (2).exeWMIC.exeTaskmgr.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	2348	VTProblem-VM (2).exe
Token: SeIncreaseQuotaPrivilege	5088	WMIC.exe
Token: SeSecurityPrivilege	5088	WMIC.exe
Token: SeTakeOwnershipPrivilege	5088	WMIC.exe
Token: SeLoadDriverPrivilege	5088	WMIC.exe
Token: SeSystemProfilePrivilege	5088	WMIC.exe
Token: SeSystemtimePrivilege	5088	WMIC.exe
Token: SeProfSingleProcessPrivilege	5088	WMIC.exe
Token: SeIncBasePriorityPrivilege	5088	WMIC.exe
Token: SeCreatePagefilePrivilege	5088	WMIC.exe
Token: SeBackupPrivilege	5088	WMIC.exe
Token: SeRestorePrivilege	5088	WMIC.exe
Token: SeShutdownPrivilege	5088	WMIC.exe
Token: SeDebugPrivilege	5088	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5088	WMIC.exe
Token: SeRemoteShutdownPrivilege	5088	WMIC.exe
Token: SeUndockPrivilege	5088	WMIC.exe
Token: SeManageVolumePrivilege	5088	WMIC.exe
Token: 33	5088	WMIC.exe
Token: 34	5088	WMIC.exe
Token: 35	5088	WMIC.exe
Token: 36	5088	WMIC.exe
Token: SeDebugPrivilege	4932	Taskmgr.exe
Token: SeSystemProfilePrivilege	4932	Taskmgr.exe
Token: SeCreateGlobalPrivilege	4932	Taskmgr.exe
Token: SeIncreaseQuotaPrivilege	5088	WMIC.exe
Token: SeSecurityPrivilege	5088	WMIC.exe
Token: SeTakeOwnershipPrivilege	5088	WMIC.exe
Token: SeLoadDriverPrivilege	5088	WMIC.exe
Token: SeSystemProfilePrivilege	5088	WMIC.exe
Token: SeSystemtimePrivilege	5088	WMIC.exe
Token: SeProfSingleProcessPrivilege	5088	WMIC.exe
Token: SeIncBasePriorityPrivilege	5088	WMIC.exe
Token: SeCreatePagefilePrivilege	5088	WMIC.exe
Token: SeBackupPrivilege	5088	WMIC.exe
Token: SeRestorePrivilege	5088	WMIC.exe
Token: SeShutdownPrivilege	5088	WMIC.exe
Token: SeDebugPrivilege	5088	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5088	WMIC.exe
Token: SeRemoteShutdownPrivilege	5088	WMIC.exe
Token: SeUndockPrivilege	5088	WMIC.exe
Token: SeManageVolumePrivilege	5088	WMIC.exe
Token: 33	5088	WMIC.exe
Token: 34	5088	WMIC.exe
Token: 35	5088	WMIC.exe
Token: 36	5088	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2968	WMIC.exe
Token: SeSecurityPrivilege	2968	WMIC.exe
Token: SeTakeOwnershipPrivilege	2968	WMIC.exe
Token: SeLoadDriverPrivilege	2968	WMIC.exe
Token: SeSystemProfilePrivilege	2968	WMIC.exe
Token: SeSystemtimePrivilege	2968	WMIC.exe
Token: SeProfSingleProcessPrivilege	2968	WMIC.exe
Token: SeIncBasePriorityPrivilege	2968	WMIC.exe
Token: SeCreatePagefilePrivilege	2968	WMIC.exe
Token: SeBackupPrivilege	2968	WMIC.exe
Token: SeRestorePrivilege	2968	WMIC.exe
Token: SeShutdownPrivilege	2968	WMIC.exe
Token: SeDebugPrivilege	2968	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2968	WMIC.exe
Token: SeRemoteShutdownPrivilege	2968	WMIC.exe
Token: SeUndockPrivilege	2968	WMIC.exe
Token: SeManageVolumePrivilege	2968	WMIC.exe
Token: 33	2968	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Taskmgr.exechrome.exe

pid	process
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

Taskmgr.exechrome.exe

pid	process
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe
4932	Taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

chrome.exevlc.exe

pid process

5592 chrome.exe
2940 vlc.exe

pid	process
5592	chrome.exe
2940	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exeVTProblem-VM (2).execmd.exe

description	pid	process	target process
PID 3716 wrote to memory of 4720	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4720	3716	chrome.exe	chrome.exe
PID 2348 wrote to memory of 4932	2348	VTProblem-VM (2).exe	Taskmgr.exe
PID 2348 wrote to memory of 4932	2348	VTProblem-VM (2).exe	Taskmgr.exe
PID 2348 wrote to memory of 4932	2348	VTProblem-VM (2).exe	Taskmgr.exe
PID 2348 wrote to memory of 4944	2348	VTProblem-VM (2).exe	cmd.exe
PID 2348 wrote to memory of 4944	2348	VTProblem-VM (2).exe	cmd.exe
PID 2348 wrote to memory of 4944	2348	VTProblem-VM (2).exe	cmd.exe
PID 4944 wrote to memory of 5088	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 5088	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 5088	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 2968	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 2968	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 2968	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 4264	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 4264	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 4264	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 4328	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 4328	4944	cmd.exe	WMIC.exe
PID 4944 wrote to memory of 4328	4944	cmd.exe	WMIC.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 4680	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 3612	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 3612	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 2316	3716	chrome.exe	chrome.exe
PID 3716 wrote to memory of 2316	3716	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe
"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4932
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5088
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4264
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:760
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:3920
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4808
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca0dc4f50,0x7ffca0dc4f60,0x7ffca0dc4f70
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=808 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=812 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:5820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x45c
1⤵
PID:5412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5924

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4820
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:2992
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4184
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5556
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:3652
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:5612
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5712
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5844
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4536
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:5768

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5480
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:5364
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:540
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5396
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:1444
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:3612
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6004
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:204
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5304
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:1048

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4808
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:4684
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4560
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:4048
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1844
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:4304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5188
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:3796
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:2308
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:5300

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1196
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:4972
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:3328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4780
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:1232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5540
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5812
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5628
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:5848

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2888
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:2816
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5752
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8260
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4356
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10136
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7820
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9796
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9220
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:8900

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5052
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5276
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9392
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7404
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7172
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9176
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6096
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:10236

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1140
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5196
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6844
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6848
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7500
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:10012
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:3356
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5932
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:10684

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:5744
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5136
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9236
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9176
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:3508
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5928
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7196
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7488
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:10364

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1980
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5192
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:1908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9868
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9632
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9684
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9280
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5240
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7956
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:1248

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2996
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5800
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:2152
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7860
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7984
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4956
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5496
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10940
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:4816

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:1700
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5216
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5264
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9800
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8904
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8432
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9260
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:5200

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4868
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6112
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6552
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9340
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9388
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9092
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9160
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5520
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10876

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2132
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:3024
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9740
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6848
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8216
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:2948
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10884
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:4112

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2616
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5876
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:5812
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9940
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9168
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9608
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8964
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5804
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10356
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3856

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:1184
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5420
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7196
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10036
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9708
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9256
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8716
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:3584
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5648
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9156
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:5288

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6000
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5076
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10056
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9772
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9844
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9136
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9472
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4488
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11656

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:5388
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:1496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7348
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10120
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7236
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7444
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7804
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2840
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:3652
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:11772

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:5464
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4220
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7356
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10048
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9332
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9140
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8448
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4728
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4380
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:12180

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4616
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9812
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9300
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8836
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5708
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4200
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:12092

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:6108
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2956
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8056
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8228
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9900
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9300
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:6800
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:7780

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:5384
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:1456
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10088
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9996
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5812
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7864
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5284
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11332

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:2648
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:1232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8124
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10112
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8104
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8440
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8480
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5268
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7800
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:11952

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:6128
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7820
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9932
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7740
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9688
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2940
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9344
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:12104

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5400
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5608
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7364
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9628
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7988
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3256
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:10180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10832
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:12116

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:972
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4296
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7176
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9700
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8312
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8100
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6268
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4624
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:540
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9608
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8380

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3820
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5132
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:3968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9664
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9160
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8640
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7832
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7952
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:4216
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:10660

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4104
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6992
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8636
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7824
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10216
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7240
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9340
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6976
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10300
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:8464

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:568
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7004
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8716
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8472
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10192
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10172
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9940
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9896
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6968
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11928
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:7968

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3632
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7032
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8456
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8380
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9468
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9732
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7156
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7016
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11420

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5860
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7640
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8368
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9972
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9424
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9044
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7520
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5280

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5596
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7536
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7660
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9188
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7952
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8788
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5988
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9288
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:5756
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:9524

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3648
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7144
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8244
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9452
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8612
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8496
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7132
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11284

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:2564
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7040
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7452
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8472
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8452
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6140
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7024
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8924
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:13956

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:2812
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8736
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7116
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10080
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5504
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9412
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7860
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7060
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11372

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:5372
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6932
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8620
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6228
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10152
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9500
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6152
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6644
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6888
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7724

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:4840
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6984
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8696
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5864
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:2272
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9772
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9892
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:6960
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:2208
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:8164

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6180
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7764
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7796
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:1336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:6188
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10212
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9904
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9932
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7612
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7608
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3280

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:5912
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7620
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9156
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7836
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9012
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6552
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9792
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9900
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7512
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11664

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6308
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7544
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8644
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10060
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5932
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:10096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9884
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7528
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11532
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:8148

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6292
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7700
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9208
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:10108
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8260
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:10232
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9668
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7668
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:12732
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:13512

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6472
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8040
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:4316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8160
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:6948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9200
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8028
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11100
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:12816

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:6740
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6512
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8432
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9264
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6652
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:8012

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7184
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8384
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8196
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10124
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8412
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:8316
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:12548
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:13244

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7472
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8800
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9272
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8732
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8780
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10032
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9888
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9820
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8664
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:1820
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:10820

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8136
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8888
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9364
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7796
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6508
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9100
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4980
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8864
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13124
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:13748

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7744
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8880
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9424
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9040
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8912
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7380
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8060
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8792
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9116
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:14000

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:7676
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8424
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8964
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:3584
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:7688
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5888
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7852
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9560
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8404
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13080
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:13676

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:7300
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8520
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8768
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8720
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8740
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5864
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:7600
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8392
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:12668
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:13448

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7292
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8356
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9260
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6972
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10072
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7348
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5988
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8348
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:12368
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:13376

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8872
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9504
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9548
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10104
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9716
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8608
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:5980
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:7320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:10028
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:14272
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:14552

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8592
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9480
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9816
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8568
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9464
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9364
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:876
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9440
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:14408
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:15052

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8416
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9992
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:6288
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:1896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8636
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8376
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8296
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9432
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13736
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:6336

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:7820
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14572
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13808
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14668
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9000
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:5140
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10864
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13408

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8860
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:11896
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14664
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14148
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:10488
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8656
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5868

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:3416
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:7728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7492
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:15332
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15044
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13788
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:11304
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13324
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9912
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:14356

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:10108

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:9572
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10292
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:15324
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14564
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:12772
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13212
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5704
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13088

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:10056
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7176
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9196
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14404
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15048
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13636
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13564
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13444
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:7560

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10220
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1256
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9084
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:12496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14416
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:15024
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13940
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:11256
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:13732
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:15296

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:6508
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6328
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10192
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15116
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:12268
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13728
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6432
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:2668

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
PID:8728
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9412
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:15132
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14908
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14568
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:14052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:15096
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8476
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13600
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:11936

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10172
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9388
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:12268
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:15008
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4460
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:9924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:12600
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1460

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:7364
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9708
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9252
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:6892
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:15308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15216
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:12200
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13200
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:8976
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:15128

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:8932
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11040
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:11144
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:11512
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14564
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:12920
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13528
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13328
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:15160
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:11056

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Loads dropped DLL
PID:9528
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10776
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:4460
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14256
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8360
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14060
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3728
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14164
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Checks SCSI registry key(s)
  PID:10712

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10152
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10732
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10744
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9204
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:5448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:9496
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14696
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:14292
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    PID:14220

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:8196
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:11544
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:12448
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15160
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:12804
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13604
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11436

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:9328
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11556
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:11676
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:12520
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:12632
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:11904
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:15340
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:14600
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:12804

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10348
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:11932
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:7116
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:15164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15344
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11880

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10548
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:12052
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:12904
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14848
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:4560
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13372
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8152
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11984
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:14880

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10572
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:12060
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:12924
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:12016
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13020
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14012
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15040
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:4904
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:11972
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9136

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:10752
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10164
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:11440
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:10104
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:12516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:11516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:15084
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:14624
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13920

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10652
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:12156
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:12992
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14944
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:11732
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7240
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:5184
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:15308
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:12144

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:11152
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:2248
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9132
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15268
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:7116
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:14036
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14416
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5784

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:11200
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:10112
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:10264
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:12796
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13216
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:10260
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14964
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15152
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:11896

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:6812
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5840
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:8948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:12600
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14436
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:12500
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13588
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14668
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7768

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10168
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:12688
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:13492
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13812
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15128
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:12524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15180
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14980
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:12596

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:6700
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:12416
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:13384
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13336
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:12916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14524
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15268
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:12696
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:12348

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:5344
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9392
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:8804
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:13324
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:3308
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:2668
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9108
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:1452
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:6416

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:6908
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:5428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9148
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:9280
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:12972
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:15156
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13720
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6208

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:9184
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:12708
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:13500
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:8960
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13732
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14856
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15320
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14240
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:12608

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:10208
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:13796
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:9616
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13604
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:11324
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:15084
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:13716

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:9308

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:5696

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:8008

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:7588

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:9588

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:10464

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:8896
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:13832
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:13884
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:14344
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14240
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13552
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:12520
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13280
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:13596

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:9368
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:13572
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:7584
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14216
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14880
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:8444
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:12356
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:15132
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:13540

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:8856

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:12932

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
1⤵
PID:13036
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
  2⤵
  PID:13668
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic baseboard get Manufacturer,Product,SerialNumber
  2⤵
  PID:13480
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
  2⤵
  PID:8616
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic CSPRODUCT get
  2⤵
  PID:11816
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
  2⤵
  PID:14372
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:14576

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
PID:12968

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
1⤵
PID:12716
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
  2⤵
  PID:13548
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic baseboard get Manufacturer,Product,SerialNumber
  2⤵
  PID:13444
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
  2⤵
  PID:12044
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic CSPRODUCT get
  2⤵
  PID:12516
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
  2⤵
  PID:9816
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:15116

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
PID:12616

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:12504

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:12484

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:12432

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:12424

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:12324

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:9024

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:1096
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:13544
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:14880
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13988
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13176
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13016
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:3064
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:11236
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:7320
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:13532

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:5352

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
PID:13204

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:13136
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:14452
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:15164
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:13640
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:14160
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13404
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:14400

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:2308
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:9780
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:4936
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:14968
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14252
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13668
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:15296
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:11888
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:9644
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8152

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:13304
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:9028
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:15024
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14228
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13404
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:6016
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:8092
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14064
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:8624
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:10340

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
1⤵
PID:13292
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
  2⤵
  PID:13804
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
  2⤵
  PID:12992
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic baseboard get Manufacturer,Product,SerialNumber
  2⤵
  PID:12524
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic CSPRODUCT get
  2⤵
  PID:12016
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
  2⤵
  PID:12996
- C:\Windows\SysWOW64\Wbem\WMIC.exe
  wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:6580

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:13432
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:14532
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:14996
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14140
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15068
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:13484
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:12916
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:14428
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:14504

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:11412

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
1⤵
PID:11304

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:7524

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:7912

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:10016
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:12500
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:14568

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
- Checks computer location settings
PID:14264
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:14656
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:15236
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:14260
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:15012
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:14360
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:14096
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:1048
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:14648

C:\Users\Admin\Desktop\VTProblem-VM (2).exe
"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"
1⤵
PID:14672
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:15076
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
  2⤵
  PID:15100
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version
    3⤵
    PID:15316
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic baseboard get Manufacturer,Product,SerialNumber
    3⤵
    PID:8152
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version
    3⤵
    PID:13600
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic CSPRODUCT get
    3⤵
    PID:9852
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed
    3⤵
    PID:13608
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks
    3⤵
    PID:9724
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /c "tasklist
  2⤵
  PID:14036

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:13180

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:13492

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:14252

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
PID:12772

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:5448

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:15068

C:\Windows\SysWOW64\tasklist.exe
tasklist
1⤵
PID:9680

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:2272

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
956714757f0c01587d52367ff646889d

SHA1
5532e1a7fb97abd8c267812f34892414b74ce24f

SHA256
e70c02a9df8d4a65b124fcd6a4070b18f04577f237be158af9ccfb6853059394

SHA512
d7d3a1030d4030e9c1b98b22ade13163a654e814ffaff364569893cb0d2dfda86808df262809f4fe5c41b78874f609febb0ef9a5d19e1b8c87c12203c1a20573

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
399468c9f1ba0079d0363c8d29104113

SHA1
eccbdbf52ebceafe91e255668c7f31609f7af914

SHA256
fdaa3062dfd314b5834a803ba0ddcffd5afedaab39300415db27ebe0c3289d25

SHA512
7b4efc9378f9edf6268da46e9dd41fcee87d9af43c53916bb17713b9270f10bd76073b4b76e3e17a7b02bb6a46caa95d412ddb51263df78ee8e698ea4ce1e8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VTProblem-VM (2).exe.log

Filesize
1KB

MD5
68210ac86590d0ea9ffa04671036ecf3

SHA1
fbda2894df40e613bafe99e39f76f8fce11ccffa

SHA256
3e35b35f99745a7a97e4fd81be55ab4a396cab57aeeff6de2c999cbcc03deae5

SHA512
c8f9dbd69b4444e93b738e7ded21125b79ed3b28ebbd154cf250768ee62f6c3f016a1db4a9c1dbb4b5f7dca878182a90c83a9a9f7051ef2be7aecce81be20b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

Filesize
40KB

MD5
94173de2e35aa8d621fc1c4f54b2a082

SHA1
fbb2266ee47f88462560f0370edb329554cd5869

SHA256
7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

SHA512
cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

Download Submit
\??\pipe\crashpad_3716_MLRDPOHIFONYEOXX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/204-175-0x0000000000000000-mapping.dmp

Download
memory/540-168-0x0000000000000000-mapping.dmp

Download
memory/760-142-0x0000000000000000-mapping.dmp

Download
memory/924-194-0x0000000000000000-mapping.dmp

Download
memory/1048-177-0x0000000000000000-mapping.dmp

Download
memory/1232-198-0x0000000000000000-mapping.dmp

Download
memory/1444-170-0x0000000000000000-mapping.dmp

Download
memory/1520-181-0x0000000000000000-mapping.dmp

Download
memory/1844-184-0x0000000000000000-mapping.dmp

Download
memory/1896-172-0x0000000000000000-mapping.dmp

Download
memory/1908-225-0x0000000000000000-mapping.dmp

Download
memory/2308-188-0x0000000000000000-mapping.dmp

Download
memory/2348-133-0x0000000005E20000-0x00000000063C4000-memory.dmp

Filesize
5.6MB

Download
memory/2348-147-0x00000000085E0000-0x00000000086E4000-memory.dmp

Filesize
1.0MB

Download
memory/2348-132-0x0000000000EB0000-0x0000000000EF0000-memory.dmp

Filesize
256KB

Download
memory/2348-146-0x0000000006970000-0x0000000006A02000-memory.dmp

Filesize
584KB

Download
memory/2816-204-0x0000000000000000-mapping.dmp

Download
memory/2968-138-0x0000000000000000-mapping.dmp

Download
memory/2992-153-0x0000000000000000-mapping.dmp

Download
memory/3044-145-0x0000000000000000-mapping.dmp

Download
memory/3232-196-0x0000000000000000-mapping.dmp

Download
memory/3328-192-0x0000000000000000-mapping.dmp

Download
memory/3356-216-0x0000000000000000-mapping.dmp

Download
memory/3612-173-0x0000000000000000-mapping.dmp

Download
memory/3652-156-0x0000000000000000-mapping.dmp

Download
memory/3796-187-0x0000000000000000-mapping.dmp

Download
memory/3920-143-0x0000000000000000-mapping.dmp

Download
memory/3968-224-0x0000000000000000-mapping.dmp

Download
memory/4008-227-0x0000000000000000-mapping.dmp

Download
memory/4048-182-0x0000000000000000-mapping.dmp

Download
memory/4184-154-0x0000000000000000-mapping.dmp

Download
memory/4264-139-0x0000000000000000-mapping.dmp

Download
memory/4304-185-0x0000000000000000-mapping.dmp

Download
memory/4328-140-0x0000000000000000-mapping.dmp

Download
memory/4536-164-0x0000000000000000-mapping.dmp

Download
memory/4560-180-0x0000000000000000-mapping.dmp

Download
memory/4684-179-0x0000000000000000-mapping.dmp

Download
memory/4780-193-0x0000000000000000-mapping.dmp

Download
memory/4808-144-0x0000000000000000-mapping.dmp

Download
memory/4808-197-0x0000000007010000-0x0000000007052000-memory.dmp

Filesize
264KB

Download
memory/4932-135-0x0000000000000000-mapping.dmp

Download
memory/4944-136-0x0000000000000000-mapping.dmp

Download
memory/4972-191-0x0000000000000000-mapping.dmp

Download
memory/5088-137-0x0000000000000000-mapping.dmp

Download
memory/5132-221-0x0000000000000000-mapping.dmp

Download
memory/5136-220-0x0000000000000000-mapping.dmp

Download
memory/5180-218-0x0000000000000000-mapping.dmp

Download
memory/5188-186-0x0000000000000000-mapping.dmp

Download
memory/5192-223-0x0000000000000000-mapping.dmp

Download
memory/5196-219-0x0000000000000000-mapping.dmp

Download
memory/5216-226-0x0000000000000000-mapping.dmp

Download
memory/5276-222-0x0000000000000000-mapping.dmp

Download
memory/5300-189-0x0000000000000000-mapping.dmp

Download
memory/5304-176-0x0000000000000000-mapping.dmp

Download
memory/5364-167-0x0000000000000000-mapping.dmp

Download
memory/5396-169-0x0000000000000000-mapping.dmp

Download
memory/5540-199-0x0000000000000000-mapping.dmp

Download
memory/5556-155-0x0000000000000000-mapping.dmp

Download
memory/5612-160-0x0000000000000000-mapping.dmp

Download
memory/5628-201-0x0000000000000000-mapping.dmp

Download
memory/5712-161-0x0000000000000000-mapping.dmp

Download
memory/5752-205-0x0000000000000000-mapping.dmp

Download
memory/5768-165-0x0000000000000000-mapping.dmp

Download
memory/5812-200-0x0000000000000000-mapping.dmp

Download
memory/5828-162-0x0000000000000000-mapping.dmp

Download
memory/5844-163-0x0000000000000000-mapping.dmp

Download
memory/5848-202-0x0000000000000000-mapping.dmp

Download
memory/6004-174-0x0000000000000000-mapping.dmp

Download
memory/6104-217-0x0000000000000000-mapping.dmp

Download
memory/6472-228-0x0000000004E30000-0x0000000004E40000-memory.dmp

Filesize
64KB

Download