Malware Analysis Report

2024-08-06 08:32

Sample ID 230219-tmlzdsfh96
Target VTProblem-VM (2).exe
SHA256 48ee8d72d38ee855eafaf022a158d649d32e1b4e919e7b6f8d8b94ce47e43e98
Tags
elysiumstealer stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

48ee8d72d38ee855eafaf022a158d649d32e1b4e919e7b6f8d8b94ce47e43e98

Threat Level: Known bad

The file VTProblem-VM (2).exe was found to be: Known bad.

Malicious Activity Summary

elysiumstealer stealer

ElysiumStealer Support DLL

ElysiumStealer

Loads dropped DLL

Checks computer location settings

Enumerates physical storage devices

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

MITRE ATT&CK Matrix V6

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Process Discovery
T1057
Query Registry
T1012
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040

Analysis: static1

Detonation Overview

Reported

2023-02-19 16:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-19 16:10

Reported

2023-02-19 16:17

Platform

win7-20221111-de

Max time kernel

358s

Max time network

336s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"

Signatures

ElysiumStealer

stealer elysiumstealer

ElysiumStealer Support DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1900 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1900 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1900 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1900 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1900 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1900 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1900 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1900 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1840 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1596 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1596 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1596 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1596 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 944 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 1480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 484 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 484 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 484 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1840 wrote to memory of 484 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1900 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1900 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1900 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1900 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1536 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1536 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1536 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1536 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 1832 wrote to memory of 1920 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1832 wrote to memory of 1920 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1832 wrote to memory of 1920 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1832 wrote to memory of 1920 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\taskmgr.exe
PID 1832 wrote to memory of 544 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1832 wrote to memory of 544 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1832 wrote to memory of 544 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 1832 wrote to memory of 544 N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe

"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp

Files

memory/1900-54-0x0000000000ED0000-0x0000000000F10000-memory.dmp

memory/1900-55-0x0000000074FA1000-0x0000000074FA3000-memory.dmp

memory/1900-56-0x0000000000340000-0x0000000000354000-memory.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/992-58-0x0000000000000000-mapping.dmp

memory/1840-60-0x0000000000000000-mapping.dmp

memory/1512-61-0x0000000000000000-mapping.dmp

memory/592-62-0x0000000000000000-mapping.dmp

memory/1596-63-0x0000000000000000-mapping.dmp

memory/944-64-0x0000000000000000-mapping.dmp

memory/1480-65-0x0000000000000000-mapping.dmp

memory/484-66-0x0000000000000000-mapping.dmp

memory/1536-67-0x0000000000000000-mapping.dmp

memory/1992-68-0x0000000000000000-mapping.dmp

memory/1936-69-0x000007FEFBB91000-0x000007FEFBB93000-memory.dmp

memory/1832-70-0x0000000000270000-0x00000000002B0000-memory.dmp

memory/1832-72-0x00000000001F0000-0x0000000000204000-memory.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/1920-75-0x0000000000000000-mapping.dmp

memory/544-77-0x0000000000000000-mapping.dmp

memory/968-78-0x0000000000000000-mapping.dmp

memory/1236-80-0x00000000001C0000-0x00000000001D4000-memory.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/1216-82-0x0000000000000000-mapping.dmp

memory/1140-83-0x0000000000000000-mapping.dmp

memory/188-86-0x0000000000210000-0x0000000000224000-memory.dmp

memory/768-87-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/1360-90-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/1084-98-0x0000000000000000-mapping.dmp

memory/2084-105-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/2356-116-0x0000000000000000-mapping.dmp

memory/2380-117-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/2504-121-0x0000000000000000-mapping.dmp

memory/2540-122-0x0000000000000000-mapping.dmp

memory/2556-123-0x0000000000000000-mapping.dmp

memory/2588-125-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/2488-138-0x00000000001C0000-0x00000000001D4000-memory.dmp

memory/2468-140-0x0000000000200000-0x0000000000214000-memory.dmp

memory/2408-135-0x0000000000230000-0x0000000000244000-memory.dmp

memory/3140-145-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3724-210-0x0000000000000000-mapping.dmp

memory/3688-209-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3576-200-0x0000000000000000-mapping.dmp

memory/3804-216-0x0000000000000000-mapping.dmp

memory/3792-214-0x0000000000000000-mapping.dmp

memory/3732-212-0x0000000000000000-mapping.dmp

memory/3768-213-0x0000000000000000-mapping.dmp

memory/3748-211-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3668-208-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3616-203-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3468-187-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3428-183-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3504-192-0x0000000000000000-mapping.dmp

memory/3380-177-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3456-186-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3320-170-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/4492-259-0x0000000000000000-mapping.dmp

memory/3676-265-0x00000000003B0000-0x00000000003C4000-memory.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3716-290-0x0000000000420000-0x0000000000434000-memory.dmp

\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3168-270-0x0000000000360000-0x0000000000374000-memory.dmp

memory/3564-269-0x0000000000200000-0x0000000000214000-memory.dmp

memory/3448-268-0x00000000001F0000-0x0000000000204000-memory.dmp

memory/3892-263-0x0000000000000000-mapping.dmp

memory/4524-262-0x0000000000000000-mapping.dmp

memory/3932-261-0x0000000000000000-mapping.dmp

memory/4504-260-0x0000000000000000-mapping.dmp

memory/4356-316-0x00000000003F0000-0x0000000000404000-memory.dmp

memory/4836-315-0x0000000000340000-0x0000000000354000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-19 16:10

Reported

2023-02-19 16:17

Platform

win10v2004-20220812-de

Max time kernel

203s

Max time network

365s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"

Signatures

ElysiumStealer

stealer elysiumstealer

ElysiumStealer Support DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A
N/A N/A C:\Users\Admin\Desktop\VTProblem-VM (2).exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A N/A
N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3716 wrote to memory of 4720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2348 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\Taskmgr.exe
PID 2348 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\Taskmgr.exe
PID 2348 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\Taskmgr.exe
PID 2348 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 2348 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 2348 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe C:\Windows\SysWOW64\cmd.exe
PID 4944 wrote to memory of 5088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 5088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 5088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 2968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 4264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 4264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 4264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 4328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 4328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 4944 wrote to memory of 4328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 4680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 3612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 3612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3716 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe

"C:\Users\Admin\AppData\Local\Temp\VTProblem-VM (2).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca0dc4f50,0x7ffca0dc4f60,0x7ffca0dc4f70

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:8

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4448 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5064 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2964 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x300 0x45c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=812 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1552,863953847904152413,15552189360650861117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Users\Admin\Desktop\VTProblem-VM (2).exe

"C:\Users\Admin\Desktop\VTProblem-VM (2).exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version&wmic baseboard get Manufacturer,Product,SerialNumber & wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version & wmic CSPRODUCT get &wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed & wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic cpu get Architecture, Caption, Characteristics, Description, Family, L2CacheSize, L3CacheSize, Manufacturer, Name, ProcessorId, Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic baseboard get Manufacturer,Product,SerialNumber

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic bios get BIOSVersion,Caption,CurrentLanguage,Description,Manufacturer,ReleaseDate,SerialNumber,Version

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic CSPRODUCT get

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic MEMORYCHIP get BankLabel,Capacity,ConfiguredClockSpeed,ConfiguredVoltage,Manufacturer,PartNumber,SerialNumber,TypeDetail,Speed

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic DISKDRIVE get Caption,DeviceID,FirmwareRevision,Model,PNPDeviceID,SerialNumber,Size,TotalCylinders,TotalSectors,TotalTracks

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "tasklist

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 172.217.168.238:443 clients2.google.com tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 api.telegram.org udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.208.110:443 apis.google.com tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 google.com udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:443 dns.google tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
GB 216.58.208.99:443 ssl.gstatic.com tcp
US 67.26.109.254:80 tcp
NL 8.238.21.254:80 tcp
US 67.26.109.254:80 tcp
US 67.26.109.254:80 tcp
US 13.107.21.200:443 tcp
US 13.107.21.200:443 tcp
US 8.8.8.8:53 r.bing.com udp
NL 95.101.74.148:443 r.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 tcp
US 8.8.8.8:53 moiawsorigin.clo.footprintdns.com udp
US 8.8.8.8:53 moiawsorigin.clo.footprintdns.com udp
NL 172.217.168.202:443 tcp
GB 216.58.208.99:443 ssl.gstatic.com tcp
NL 142.251.39.110:443 tcp
NL 142.251.39.110:443 tcp
NL 142.251.39.110:443 encrypted-tbn2.gstatic.com tcp
US 199.232.194.133:443 tcp
US 151.101.1.164:443 tcp
US 151.101.1.16:443 m.media-amazon.com tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
US 13.107.21.200:443 www.bing.com tcp
US 8.8.8.8:53 moiafdazure.clo.footprintdns.com udp
US 13.107.246.254:443 moiafdazure.clo.footprintdns.com tcp
US 8.8.8.8:53 a-ring-fallback.msedge.net udp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 google.com udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp

Files

memory/2348-132-0x0000000000EB0000-0x0000000000EF0000-memory.dmp

memory/2348-133-0x0000000005E20000-0x00000000063C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/4932-135-0x0000000000000000-mapping.dmp

memory/4944-136-0x0000000000000000-mapping.dmp

memory/5088-137-0x0000000000000000-mapping.dmp

memory/2968-138-0x0000000000000000-mapping.dmp

memory/4264-139-0x0000000000000000-mapping.dmp

memory/4328-140-0x0000000000000000-mapping.dmp

\??\pipe\crashpad_3716_MLRDPOHIFONYEOXX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/760-142-0x0000000000000000-mapping.dmp

memory/3920-143-0x0000000000000000-mapping.dmp

memory/4808-144-0x0000000000000000-mapping.dmp

memory/3044-145-0x0000000000000000-mapping.dmp

memory/2348-146-0x0000000006970000-0x0000000006A02000-memory.dmp

memory/2348-147-0x00000000085E0000-0x00000000086E4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VTProblem-VM (2).exe.log

MD5 68210ac86590d0ea9ffa04671036ecf3
SHA1 fbda2894df40e613bafe99e39f76f8fce11ccffa
SHA256 3e35b35f99745a7a97e4fd81be55ab4a396cab57aeeff6de2c999cbcc03deae5
SHA512 c8f9dbd69b4444e93b738e7ded21125b79ed3b28ebbd154cf250768ee62f6c3f016a1db4a9c1dbb4b5f7dca878182a90c83a9a9f7051ef2be7aecce81be20b12

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/2992-153-0x0000000000000000-mapping.dmp

memory/4184-154-0x0000000000000000-mapping.dmp

memory/5556-155-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 399468c9f1ba0079d0363c8d29104113
SHA1 eccbdbf52ebceafe91e255668c7f31609f7af914
SHA256 fdaa3062dfd314b5834a803ba0ddcffd5afedaab39300415db27ebe0c3289d25
SHA512 7b4efc9378f9edf6268da46e9dd41fcee87d9af43c53916bb17713b9270f10bd76073b4b76e3e17a7b02bb6a46caa95d412ddb51263df78ee8e698ea4ce1e8a7

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 956714757f0c01587d52367ff646889d
SHA1 5532e1a7fb97abd8c267812f34892414b74ce24f
SHA256 e70c02a9df8d4a65b124fcd6a4070b18f04577f237be158af9ccfb6853059394
SHA512 d7d3a1030d4030e9c1b98b22ade13163a654e814ffaff364569893cb0d2dfda86808df262809f4fe5c41b78874f609febb0ef9a5d19e1b8c87c12203c1a20573

memory/3652-156-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/5612-160-0x0000000000000000-mapping.dmp

memory/5712-161-0x0000000000000000-mapping.dmp

memory/5828-162-0x0000000000000000-mapping.dmp

memory/5844-163-0x0000000000000000-mapping.dmp

memory/4536-164-0x0000000000000000-mapping.dmp

memory/5768-165-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/5364-167-0x0000000000000000-mapping.dmp

memory/540-168-0x0000000000000000-mapping.dmp

memory/5396-169-0x0000000000000000-mapping.dmp

memory/1444-170-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/1896-172-0x0000000000000000-mapping.dmp

memory/3612-173-0x0000000000000000-mapping.dmp

memory/6004-174-0x0000000000000000-mapping.dmp

memory/204-175-0x0000000000000000-mapping.dmp

memory/5304-176-0x0000000000000000-mapping.dmp

memory/1048-177-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/4684-179-0x0000000000000000-mapping.dmp

memory/4560-180-0x0000000000000000-mapping.dmp

memory/1520-181-0x0000000000000000-mapping.dmp

memory/4048-182-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/1844-184-0x0000000000000000-mapping.dmp

memory/4304-185-0x0000000000000000-mapping.dmp

memory/5188-186-0x0000000000000000-mapping.dmp

memory/3796-187-0x0000000000000000-mapping.dmp

memory/2308-188-0x0000000000000000-mapping.dmp

memory/5300-189-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/4972-191-0x0000000000000000-mapping.dmp

memory/3328-192-0x0000000000000000-mapping.dmp

memory/4780-193-0x0000000000000000-mapping.dmp

memory/924-194-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/3232-196-0x0000000000000000-mapping.dmp

memory/4808-197-0x0000000007010000-0x0000000007052000-memory.dmp

memory/1232-198-0x0000000000000000-mapping.dmp

memory/5540-199-0x0000000000000000-mapping.dmp

memory/5812-200-0x0000000000000000-mapping.dmp

memory/5628-201-0x0000000000000000-mapping.dmp

memory/5848-202-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/3356-216-0x0000000000000000-mapping.dmp

memory/6104-217-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll

MD5 94173de2e35aa8d621fc1c4f54b2a082
SHA1 fbb2266ee47f88462560f0370edb329554cd5869
SHA256 7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f
SHA512 cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

memory/5752-205-0x0000000000000000-mapping.dmp

memory/2816-204-0x0000000000000000-mapping.dmp

memory/5136-220-0x0000000000000000-mapping.dmp

memory/5196-219-0x0000000000000000-mapping.dmp

memory/5180-218-0x0000000000000000-mapping.dmp

memory/5192-223-0x0000000000000000-mapping.dmp

memory/5276-222-0x0000000000000000-mapping.dmp

memory/4008-227-0x0000000000000000-mapping.dmp

memory/5216-226-0x0000000000000000-mapping.dmp

memory/1908-225-0x0000000000000000-mapping.dmp

memory/3968-224-0x0000000000000000-mapping.dmp

memory/5132-221-0x0000000000000000-mapping.dmp

memory/6472-228-0x0000000004E30000-0x0000000004E40000-memory.dmp