Analysis
-
max time kernel
29s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
05-08-2024 18:47
General
-
Target
Remove Duplicates by xRisky v1.exe
-
Size
547KB
-
MD5
731e0addfe7c32066783fa33db494eff
-
SHA1
29f628362813b3b03c1eaae29d8230c3bc4485ab
-
SHA256
0d6d468d9d9595fc896559f15537a58bc006ebe8470fffcad933cede58731dbe
-
SHA512
6dbb7fb9bb29c45011ad6017d3e7db928079888d85d9d32eef6b816e7350a49b5df3c47f7ae71ca2e829e95f3ecc2205dad48e29a011a71f557b44fdfa2ad949
-
SSDEEP
12288:sfhF1ROYYCrqEp3fWhcueuF16B1ROmYnHglvlynf/y8:6cVMp3uRbF2EHgVlAf
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
UltimateCrackPack
C2
51.83.170.23:16128
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 5 IoCs
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 5 IoCs
-
Executes dropped EXE 64 IoCs
-
Adds Run key to start application 2 TTPs 12 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 64 IoCs
Using powershell.exe command.
-
Looks up external IP address via web service 64 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 31 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 38 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'4⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'5⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'6⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"6⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'7⤵
- Adds Run key to start application
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'8⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"8⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'9⤵
- Adds Run key to start application
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"9⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"9⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'10⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"10⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'11⤵
- Adds Run key to start application
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"11⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"11⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'12⤵
- Adds Run key to start application
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"12⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"11⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'13⤵
- Adds Run key to start application
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"13⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"12⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'14⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"14⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"13⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"14⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'15⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"15⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"14⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'16⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"16⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"15⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"16⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'17⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"17⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"16⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'18⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"18⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"17⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"18⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'19⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"19⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"18⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'20⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"19⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"20⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'21⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"21⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'22⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"22⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"21⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"22⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'23⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"23⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"22⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'24⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"23⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"24⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'25⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'26⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"26⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"26⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"26⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'27⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'28⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"28⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'29⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'30⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"30⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'31⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'32⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"32⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'33⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'34⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'35⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'36⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'37⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'38⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'39⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'40⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'41⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'42⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"42⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"42⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'43⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'44⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'45⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"45⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"45⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'46⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"46⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'47⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"47⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'48⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'49⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'50⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'51⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'52⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'53⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'54⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"54⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'55⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'56⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'57⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'58⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'59⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"59⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'60⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'61⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'62⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'63⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'64⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'65⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'66⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"66⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'67⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"67⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'68⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"68⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'69⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"69⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'70⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"70⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'71⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"71⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'72⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"72⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'73⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"73⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"74⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'75⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"75⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'76⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"76⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'77⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"77⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'78⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"78⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'79⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"79⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'80⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"80⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'81⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"81⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'82⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"82⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'83⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"83⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'84⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"84⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'85⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"85⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'86⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"86⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'87⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"87⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'88⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"88⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'89⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"89⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'90⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"90⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'91⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"91⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"91⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'92⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"92⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'93⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"93⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'94⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"94⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'95⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"95⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'96⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"96⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'97⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"97⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'98⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"98⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'99⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"99⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'100⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"100⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'101⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"101⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'102⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"102⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'103⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"103⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'104⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"104⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'105⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"105⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"105⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'106⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"106⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'107⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"107⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'108⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"108⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'109⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"109⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'110⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"110⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'111⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"111⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'112⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"112⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'113⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"113⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'114⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"114⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'115⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"115⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"115⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'116⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"116⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'117⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"117⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'118⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"118⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'119⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"119⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'120⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"120⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'121⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"121⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"121⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'122⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"122⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"121⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"122⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'123⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"123⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"122⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"123⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'124⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"124⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"123⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"124⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'125⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"125⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"124⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"125⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'126⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"126⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"125⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"126⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'127⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"127⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"126⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"127⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'128⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"128⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"127⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"128⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'129⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"129⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"128⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"129⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'130⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"130⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"129⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"130⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'131⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"131⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"131⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"130⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"131⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'132⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"132⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"131⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"132⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'133⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"133⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"132⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"133⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'134⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"134⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"134⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"134⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"133⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"134⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'135⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"135⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"134⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"135⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'136⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"136⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"135⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"136⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'137⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"137⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"137⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"136⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"137⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'138⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"138⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"137⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"138⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'139⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"139⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"138⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"139⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'140⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"140⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"139⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"140⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'141⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"141⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"140⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"141⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'142⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"142⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"141⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"142⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'143⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"143⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"142⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"143⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'144⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"144⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"144⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"143⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"144⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'145⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"145⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"144⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"145⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'146⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"146⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"145⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"146⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'147⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"147⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"146⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"147⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'148⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"148⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"147⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"148⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'149⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"149⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"148⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"149⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'150⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"150⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"149⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"150⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'151⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"151⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"150⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"151⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'152⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"152⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"151⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"152⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'153⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"153⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"152⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"153⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'154⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"154⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"153⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"154⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'155⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"155⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"154⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"155⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'156⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"156⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"155⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"156⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'157⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"157⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"156⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"157⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'158⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"158⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"158⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"157⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"158⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'159⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"159⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"159⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"159⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"158⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"159⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'160⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"160⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"159⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"160⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'161⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"161⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"160⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"161⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'162⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"162⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"161⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"162⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'163⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"163⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"163⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"162⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"163⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'164⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"164⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"163⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"164⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'165⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"165⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"164⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"165⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'166⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"166⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"165⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"166⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'167⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"167⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"166⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"167⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'168⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"168⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"167⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"168⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'169⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"169⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"168⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"169⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'170⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"170⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"170⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"169⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"170⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'171⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"171⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"170⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"171⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'172⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"172⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"172⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"171⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"172⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'173⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"173⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"172⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"173⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'174⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"174⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"173⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"174⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'175⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"175⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"174⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"175⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'176⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"176⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"175⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"176⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'177⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"177⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"176⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"177⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'178⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"178⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"177⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"178⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'179⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"179⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"178⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"179⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'180⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"180⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"179⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"180⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'181⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"181⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"180⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"181⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'182⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"182⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"181⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"182⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'183⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"183⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"182⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"183⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'184⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"184⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"183⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"184⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'185⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"185⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"184⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"185⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'186⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"186⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"185⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"186⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'187⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"187⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"187⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"186⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"187⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'188⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"188⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"187⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"188⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'189⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"189⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"188⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"189⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'190⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"190⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"189⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"190⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'191⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"191⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"190⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"191⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'192⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"192⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"191⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"192⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'193⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"193⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"192⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"193⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'194⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"194⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"193⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"194⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'195⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"195⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"195⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"194⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"195⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'196⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"196⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"195⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"196⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'197⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"197⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"196⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"197⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'198⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"198⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"197⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"198⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'199⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"199⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"198⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"199⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'200⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"200⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"200⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"199⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"200⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'201⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"201⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"200⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"201⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'202⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"202⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"201⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"202⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'203⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"203⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"202⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"203⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'204⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"204⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"203⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"204⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'205⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"205⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"204⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"205⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'206⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"206⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"205⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"206⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'207⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"207⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"206⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"207⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'208⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"208⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"207⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"208⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'209⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"209⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"208⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"209⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'210⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"210⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"210⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"209⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"210⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'211⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"211⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"210⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"211⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'212⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"212⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"211⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"212⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'213⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"213⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"212⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"213⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'214⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"214⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"214⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"213⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"214⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'215⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"215⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"214⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"215⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'216⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"216⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"215⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"216⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'217⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"217⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"216⤵
-
C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"217⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'218⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"218⤵
-
C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"C:\Users\Admin\AppData\Local\Temp\Remove Duplicates by xRisky v1.exe"217⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5572035712001627448591431239-380580045-321662574-18089725921796066337866956086"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "351371060-286299321-984849893-172056281-65518271112221207621857078746225373825"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "106729880-173559196-126295102197823086-1784431017-4583945021400339752-109823724"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-802175074-1330646034902521727-1604162973423818627-14705817801694936120571007269"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-8998977521850221352-29081964895363613118819231839507976731199536362844490336"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "252802101950879852563022190-1712872443-9322966201852678614-461889929-290829569"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2009460714-338420892269262430-1614906966-3190371312723902311578402984-1791434737"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1062940201-289695446-911830519-1191175886-491087035195743106653907132-1517095440"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-14155226651660332195-1224121081072197774-1101700904-7209538381514064931414429246"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "675987432715805418-1816054548-2087905446-1557520331-3830926351547078678-92862598"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "765891933-72219369-1457312845-1498438118-252461930-790568102-4402545901945416233"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "51455018520537996945331291702071637494-1558139450-309403771920033154-291940351"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-52165082-6834380325564923971806585178-7816327547222636612477132181767957975"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "306545121-1660761739146769408827032494813618030834494896541847211817-900288802"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1346122121390968402-2126472391734433397730636004369466403-1446836660-1622835377"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1614449865-1829501314780876982382891-1215589001-481972110-483200980-79511229"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "117101948-45917840119206020-665139193-2082232584-1906005779-875053037-1699885069"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "634080252-638460192-3963248841795120419839791151912336138579203012-1214360116"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "967364449-822493922-230139281-270526669-176395514089614377714464818341230133384"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "6356850421443566722-1706908567605463575-1997442934-1993118241-1837015416-1581466477"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1532572494-974371773-406141343-1490466718-4767386851259118869-1432627539-1522572792"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-14557894811584118455466211866-3606331041959332685454256597-17747684351355319672"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "222896309-326915865914461363-752565556-19976379371171204070-1703061138-1271112098"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-4857870101716701882-663607361236172362592417039-138095073-2134411162452780980"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1040954373-1918450818-612232306-1455203719-126283459057702011629955942846737213"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-7882964321314909177036904061721365842-1644681121-1042171221388866414-1908488822"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-15335647811762829578-2104077055844067575-34662709-1914686492-1031313737-1899293700"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "113660573230741100-1554822292117699451-21086628541765929068-1283586827-840690245"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1598389686-1846315451-1137464663912858540-522467773-2115343744-26834856329088572"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
115KB
MD5dc6f230a993249cbe632aea3edbbd63e
SHA1ee67ed14eb647918d0d7ffd11ba7b665eeb19c27
SHA256a6c001e47fd68b6c97fa484c5c98f918eed5d231bd8f1a4e4ad65af20788118b
SHA5127e9b46e5d8e8fa609c839d570cf6cf80c7464de553f094e02b6f86e96dc81ce65a1f5f071acd6fadec9d1f4690f48972d4425a7dc2bb0bab7d0588eae81fa5e2
-
Filesize
46KB
MD502d2c46697e3714e49f46b680b9a6b83
SHA184f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA51260348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac
-
Filesize
92KB
MD5a0a3916d62bbb8f217555072c555c35d
SHA15b4a9e00ba247d9b088ccf8e751e3b202157a58e
SHA256f9f7369811d1696668b6ebb61d921ec9a92890a95843134b4fa0496ad1370805
SHA5126d6d5cebd9a1496b170dfce47fca9ca356db61c385a60f421187826f91dd4c70de3bef18f7fbcffaf8602b512216f35c9dfa9e8e5a45ba38a5e97464ba4be7ca
-
Filesize
96KB
MD5d367ddfda80fdcf578726bc3b0bc3e3c
SHA123fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA2560b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA51240e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77
-
Filesize
15KB
MD56a5d14e48c89a67b01f9b37a48ab64e1
SHA112f817f3c4cf8f07d5956112f74dad55173e7a31
SHA25646e5b0d87138e586ab7db5182f676f596bea70a9c1dc2e46baa83820a8c72652
SHA51277c479b5a7531349a08b27bfab706ff62ceb32517f867f6735a282dc6b7f2ee4a154a81ddcea1501a775c33ac9674a2a4639575bc09a680013d9ce99f015eda6
-
Filesize
319KB
MD572f6b0d71df9cf1ce597fce71f08bcb2
SHA1b4c553fa12c4e22c2fb09749690221efde20bb34
SHA256b45256906780ac6cd1b2285587d071ec2b7daaf520a72632fa3c856653f77b22
SHA5125562d39d664d843779ee0b6e04c8dc3a6dfab358226f0bdbc92c5413f4209db03b2024ec519d1c4ccbf7090209ef46bbb31b24116686d1e3c15ab050887b63de
-
Filesize
7KB
MD52bdf69af8e3bf5268907f79fd45db9d3
SHA1c4248a8bc595774cc7277d72a6108d024b257a5f
SHA25682ef17d1f4b63abefc28a600f9e9d62afa09dc930f0006f6f25e5d3281948e88
SHA5125883324990b268cb2134800fdde15e41a061c07b5bb6dd94126f99c8cebc744b0217d45f0a41f0cf25d1a2369d8c02bf306e9186f1d5f61a7288374be513bea6
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
4KB
-
Filesize
576KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
144KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
4KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
4KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB