redline | 3eadfa021e89e69ffe4dbf5c3d3eec4843ceb7ad5033498477b914ba6316657b

Resubmissions

05/08/2024, 19:21

240805-x258cswblp 10

05/08/2024, 18:50

240805-xgxeqaydqh 10

Analysis

max time kernel
34s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TextUtils.exe
Size

398KB
MD5

1c09825dd1fa0637c1d5089a65702ede
SHA1

a1da9a5c8d8b79689c9153adf459960fbccde80b
SHA256

3eadfa021e89e69ffe4dbf5c3d3eec4843ceb7ad5033498477b914ba6316657b
SHA512

948252d25c6a481432c52c762637c66d764f7fd90b0fa65d7c44b21af048b87950f918831b7d716fe65f6d10da42c337cb8b5860f2a223d7dc4c8f9d38d9fc00
SSDEEP

12288:kdJoSpPkFtttttttCttttttttttttttpst8ZcxruaZ4A3G31111111111111111/:kdlPgrua13Q11111111111111111D11x

Score

10^/10

redline sectoprat ultimatecrackpack discovery execution infostealer persistence rat trojan

Malware Config

Extracted

Family

redline

Botnet

UltimateCrackPack

51.83.170.23:16128

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 4 IoCs

resource	yara_rule
behavioral1/memory/6832-94-0x0000000000400000-0x000000000041E000-memory.dmp	family_redline
behavioral1/memory/6664-158-0x0000000000400000-0x000000000041E000-memory.dmp	family_redline
behavioral1/memory/6832-91-0x0000000000400000-0x000000000041E000-memory.dmp	family_redline
behavioral1/memory/6832-89-0x0000000000400000-0x000000000041E000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 4 IoCs

resource	yara_rule
behavioral1/memory/6832-94-0x0000000000400000-0x000000000041E000-memory.dmp	family_sectoprat
behavioral1/memory/6664-158-0x0000000000400000-0x000000000041E000-memory.dmp	family_sectoprat
behavioral1/memory/6832-91-0x0000000000400000-0x000000000041E000-memory.dmp	family_sectoprat
behavioral1/memory/6832-89-0x0000000000400000-0x000000000041E000-memory.dmp	family_sectoprat

Executes dropped EXE 64 IoCs

pid	Process
2696	Ultimate-Crack-Pack.exe
2900	Ultimate-Crack-Pack.exe
2640	Ultimate-Crack-Pack.exe
2596	Ultimate-Crack-Pack.exe
3024	Ultimate-Crack-Pack.exe
2592	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1792	Ultimate-Crack-Pack.exe
1732	Ultimate-Crack-Pack.exe
2848	Ultimate-Crack-Pack.exe
264	Ultimate-Crack-Pack.exe
2340	Ultimate-Crack-Pack.exe
2216	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
3036	Ultimate-Crack-Pack.exe
352	Ultimate-Crack-Pack.exe
788	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
2468	Ultimate-Crack-Pack.exe
2280	Ultimate-Crack-Pack.exe
376	Ultimate-Crack-Pack.exe
2356	Ultimate-Crack-Pack.exe
2060	Ultimate-Crack-Pack.exe
2676	Ultimate-Crack-Pack.exe
2584	Ultimate-Crack-Pack.exe
3004	Ultimate-Crack-Pack.exe
2316	Ultimate-Crack-Pack.exe
2812	Ultimate-Crack-Pack.exe
1800	Ultimate-Crack-Pack.exe
680	Ultimate-Crack-Pack.exe
2156	Ultimate-Crack-Pack.exe
2116	Ultimate-Crack-Pack.exe
1628	Ultimate-Crack-Pack.exe
2728	Ultimate-Crack-Pack.exe
2008	Ultimate-Crack-Pack.exe
2416	Ultimate-Crack-Pack.exe
820	Ultimate-Crack-Pack.exe
1604	Ultimate-Crack-Pack.exe
2732	Ultimate-Crack-Pack.exe
2664	Ultimate-Crack-Pack.exe
2960	Ultimate-Crack-Pack.exe
2200	Ultimate-Crack-Pack.exe
1868	Ultimate-Crack-Pack.exe
2332	Ultimate-Crack-Pack.exe
1980	Ultimate-Crack-Pack.exe
3032	Ultimate-Crack-Pack.exe
1568	Ultimate-Crack-Pack.exe
2476	Ultimate-Crack-Pack.exe
1988	Ultimate-Crack-Pack.exe
1612	Ultimate-Crack-Pack.exe
2792	Ultimate-Crack-Pack.exe
272	Ultimate-Crack-Pack.exe
2324	Ultimate-Crack-Pack.exe
2056	Ultimate-Crack-Pack.exe
1224	Ultimate-Crack-Pack.exe
1728	Ultimate-Crack-Pack.exe
3028	Ultimate-Crack-Pack.exe
2712	Ultimate-Crack-Pack.exe
1556	Ultimate-Crack-Pack.exe
1808	Ultimate-Crack-Pack.exe
1288	Ultimate-Crack-Pack.exe
1600	Ultimate-Crack-Pack.exe
3052	Ultimate-Crack-Pack.exe
2864	Ultimate-Crack-Pack.exe

Adds Run key to start application 2 TTPs 38 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\msconfig.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\System Configuration\\msconfig.exe.exe"	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 64 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
13448	powershell.exe
8576	powershell.exe
7824	powershell.exe
12776	powershell.exe
14420	Process not Found
11212	powershell.exe
10376	powershell.exe
3756	powershell.exe
264	powershell.exe
9344	powershell.exe
14588	Process not Found
5448	Process not Found
8252	powershell.exe
9424	powershell.exe
9516	powershell.exe
11048	powershell.exe
11620	powershell.exe
5308	Process not Found
13124	powershell.exe
12900	Process not Found
9336	powershell.exe
11092	powershell.exe
14044	powershell.exe
15112	Process not Found
7320	powershell.exe
11156	powershell.exe
12680	powershell.exe
7572	powershell.exe
8400	powershell.exe
9688	powershell.exe
3080	Process not Found
7240	powershell.exe
7872	powershell.exe
9352	powershell.exe
1840	powershell.exe
3500	powershell.exe
14036	powershell.exe
4140	Process not Found
15276	Process not Found
10112	powershell.exe
10304	powershell.exe
14056	powershell.exe
2208	Process not Found
9396	powershell.exe
10284	powershell.exe
12032	powershell.exe
12168	Process not Found
7836	powershell.exe
12924	powershell.exe
6216	powershell.exe
4088	powershell.exe
11124	powershell.exe
9532	powershell.exe
9252	powershell.exe
11496	powershell.exe
4076	Process not Found
6652	powershell.exe
8500	powershell.exe
9360	powershell.exe
9812	powershell.exe
10524	powershell.exe
12268	powershell.exe
7600	powershell.exe
7784	powershell.exe

Looks up external IP address via web service 64 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
83	ipinfo.io
89	ipinfo.io
90	api.ipify.org
129	api.ipify.org
145	api.ipify.org
146	api.ipify.org
148	api.ipify.org
66	api.ipify.org
179	api.ipify.org
151	api.ipify.org
102	ipinfo.io
130	api.ipify.org
144	api.ipify.org
161	api.ipify.org
163	ipinfo.io
187	api.ipify.org
193	api.ipify.org
65	api.ipify.org
106	api.ipify.org
126	ipinfo.io
137	ipinfo.io
153	api.ipify.org
186	ipinfo.io
85	ipinfo.io
104	ipinfo.io
125	ipinfo.io
131	api.ipify.org
132	api.ipify.org
135	ipinfo.io
79	ipinfo.io
123	ipinfo.io
143	ipinfo.io
149	api.ipify.org
155	ipinfo.io
64	api.ipify.org
101	ipinfo.io
122	ipinfo.io
140	ipinfo.io
168	api.ipify.org
190	ipinfo.io
87	api.ipify.org
62	ipinfo.io
71	api.ipify.org
99	api.ipify.org
103	ipinfo.io
134	ipinfo.io
150	api.ipify.org
167	ipinfo.io
59	ipinfo.io
174	api.ipify.org
92	api.ipify.org
157	ipinfo.io
158	api.ipify.org
61	ipinfo.io
86	api.ipify.org
91	api.ipify.org
98	ipinfo.io
108	api.ipify.org
156	ipinfo.io
191	api.ipify.org
60	ipinfo.io
160	api.ipify.org
147	api.ipify.org
159	ipinfo.io

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 3024 set thread context of 6664	3024	Ultimate-Crack-Pack.exe	565
PID 2596 set thread context of 6832	2596	Ultimate-Crack-Pack.exe	566
PID 2900 set thread context of 6444	2900	Ultimate-Crack-Pack.exe	960
PID 2640 set thread context of 6624	2640	Ultimate-Crack-Pack.exe	559
PID 2696 set thread context of 6524	2696	Ultimate-Crack-Pack.exe	826
PID 2592 set thread context of 7192	2592	Ultimate-Crack-Pack.exe	576
PID 1580 set thread context of 7432	1580	Ultimate-Crack-Pack.exe	585
PID 1732 set thread context of 7608	1732	Ultimate-Crack-Pack.exe	1108
PID 1792 set thread context of 7624	1792	Ultimate-Crack-Pack.exe	992
PID 2848 set thread context of 7740	2848	Ultimate-Crack-Pack.exe	594
PID 264 set thread context of 7980	264	Ultimate-Crack-Pack.exe	597
PID 2340 set thread context of 8164	2340	Ultimate-Crack-Pack.exe	851
PID 1520 set thread context of 7476	1520	Ultimate-Crack-Pack.exe	604
PID 2216 set thread context of 7796	2216	Ultimate-Crack-Pack.exe	617
PID 3036 set thread context of 7260	3036	Ultimate-Crack-Pack.exe	623
PID 788 set thread context of 7248	788	Ultimate-Crack-Pack.exe	625
PID 352 set thread context of 7520	352	Ultimate-Crack-Pack.exe	624
PID 2468 set thread context of 7944	2468	Ultimate-Crack-Pack.exe	635
PID 616 set thread context of 2520	616	Ultimate-Crack-Pack.exe	641
PID 2280 set thread context of 2288	2280	Ultimate-Crack-Pack.exe	645
PID 2356 set thread context of 7688	2356	Ultimate-Crack-Pack.exe	651
PID 376 set thread context of 7512	376	Ultimate-Crack-Pack.exe	652
PID 2060 set thread context of 8260	2060	Ultimate-Crack-Pack.exe	654
PID 3004 set thread context of 8584	3004	Ultimate-Crack-Pack.exe	661
PID 2676 set thread context of 8408	2676	Ultimate-Crack-Pack.exe	656
PID 2316 set thread context of 8692	2316	Ultimate-Crack-Pack.exe	662
PID 2584 set thread context of 8744	2584	Ultimate-Crack-Pack.exe	665
PID 2812 set thread context of 8888	2812	Ultimate-Crack-Pack.exe	667
PID 1800 set thread context of 8996	1800	Ultimate-Crack-Pack.exe	669
PID 680 set thread context of 7532	680	Ultimate-Crack-Pack.exe	688
PID 2156 set thread context of 8656	2156	Ultimate-Crack-Pack.exe	692
PID 2116 set thread context of 8216	2116	Ultimate-Crack-Pack.exe	696
PID 1628 set thread context of 8784	1628	Ultimate-Crack-Pack.exe	698
PID 2728 set thread context of 8516	2728	Ultimate-Crack-Pack.exe	700
PID 2008 set thread context of 6356	2008	Ultimate-Crack-Pack.exe	702
PID 2416 set thread context of 1756	2416	Ultimate-Crack-Pack.exe	704
PID 820 set thread context of 744	820	Ultimate-Crack-Pack.exe	706
PID 1604 set thread context of 7176	1604	Ultimate-Crack-Pack.exe	718
PID 2732 set thread context of 8964	2732	Ultimate-Crack-Pack.exe	727
PID 2664 set thread context of 2740	2664	Ultimate-Crack-Pack.exe	729
PID 2200 set thread context of 8520	2200	Ultimate-Crack-Pack.exe	733
PID 1868 set thread context of 2312	1868	Ultimate-Crack-Pack.exe	735
PID 2960 set thread context of 8340	2960	Ultimate-Crack-Pack.exe	736
PID 2332 set thread context of 2468	2332	Ultimate-Crack-Pack.exe	756
PID 1980 set thread context of 2668	1980	Ultimate-Crack-Pack.exe	757
PID 1568 set thread context of 352	1568	Ultimate-Crack-Pack.exe	759
PID 2476 set thread context of 8360	2476	Ultimate-Crack-Pack.exe	762
PID 3032 set thread context of 444	3032	Ultimate-Crack-Pack.exe	765
PID 1988 set thread context of 9524	1988	Ultimate-Crack-Pack.exe	789
PID 272 set thread context of 9624	272	Ultimate-Crack-Pack.exe	793
PID 1612 set thread context of 9640	1612	Ultimate-Crack-Pack.exe	795
PID 2792 set thread context of 9632	2792	Ultimate-Crack-Pack.exe	794
PID 2324 set thread context of 10024	2324	Ultimate-Crack-Pack.exe	807
PID 1224 set thread context of 10048	1224	Ultimate-Crack-Pack.exe	808
PID 2056 set thread context of 9236	2056	Ultimate-Crack-Pack.exe	814
PID 1288 set thread context of 10224	1288	Ultimate-Crack-Pack.exe	812
PID 3052 set thread context of 3044	3052	Ultimate-Crack-Pack.exe	815
PID 3028 set thread context of 7392	3028	Ultimate-Crack-Pack.exe	816
PID 2864 set thread context of 8284	2864	Ultimate-Crack-Pack.exe	820
PID 2712 set thread context of 6332	2712	Ultimate-Crack-Pack.exe	825
PID 1600 set thread context of 492	1600	Ultimate-Crack-Pack.exe	827
PID 1556 set thread context of 6848	1556	Ultimate-Crack-Pack.exe	828
PID 2232 set thread context of 8308	2232	Ultimate-Crack-Pack.exe	833
PID 1728 set thread context of 7480	1728	Ultimate-Crack-Pack.exe	835

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ultimate-Crack-Pack.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
1580	Ultimate-Crack-Pack.exe
6652	powershell.exe
6652	powershell.exe
6700	powershell.exe
6700	powershell.exe
6852	powershell.exe
6852	powershell.exe
7212	powershell.exe
7212	powershell.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
1520	Ultimate-Crack-Pack.exe
8156	powershell.exe
8156	powershell.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
616	Ultimate-Crack-Pack.exe
7784	powershell.exe
7784	powershell.exe
8176	powershell.exe
8176	powershell.exe
7968	powershell.exe
7968	powershell.exe
7600	powershell.exe
7600	powershell.exe
7948	powershell.exe
7948	powershell.exe
7820	powershell.exe
7820	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1580	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	6652	powershell.exe
Token: SeDebugPrivilege	6700	powershell.exe
Token: SeDebugPrivilege	6852	powershell.exe
Token: SeDebugPrivilege	7212	powershell.exe
Token: SeDebugPrivilege	6524	RegAsm.exe
Token: SeDebugPrivilege	6444	RegAsm.exe
Token: SeDebugPrivilege	6664	RegAsm.exe
Token: SeDebugPrivilege	1520	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	8164	RegAsm.exe
Token: SeDebugPrivilege	7608	RegAsm.exe
Token: SeDebugPrivilege	7476	RegAsm.exe
Token: SeDebugPrivilege	7980	RegAsm.exe
Token: SeDebugPrivilege	8156	powershell.exe
Token: SeDebugPrivilege	616	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	7740	RegAsm.exe
Token: SeDebugPrivilege	7796	RegAsm.exe
Token: SeDebugPrivilege	7520	RegAsm.exe
Token: SeDebugPrivilege	7248	RegAsm.exe
Token: SeDebugPrivilege	7624	RegAsm.exe
Token: SeDebugPrivilege	7784	powershell.exe
Token: SeDebugPrivilege	8176	powershell.exe
Token: SeDebugPrivilege	7968	powershell.exe
Token: SeDebugPrivilege	7600	powershell.exe
Token: SeDebugPrivilege	7948	powershell.exe
Token: SeDebugPrivilege	7820	powershell.exe
Token: SeDebugPrivilege	2584	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	2156	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	7944	RegAsm.exe
Token: SeDebugPrivilege	8108	powershell.exe
Token: SeDebugPrivilege	6924	powershell.exe
Token: SeDebugPrivilege	7184	powershell.exe
Token: SeDebugPrivilege	7568	powershell.exe
Token: SeDebugPrivilege	7656	powershell.exe
Token: SeDebugPrivilege	7572	powershell.exe
Token: SeDebugPrivilege	7708	powershell.exe
Token: SeDebugPrivilege	2732	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	7260	RegAsm.exe
Token: SeDebugPrivilege	8880	powershell.exe
Token: SeDebugPrivilege	7288	powershell.exe
Token: SeDebugPrivilege	8400	powershell.exe
Token: SeDebugPrivilege	8564	powershell.exe
Token: SeDebugPrivilege	8536	powershell.exe
Token: SeDebugPrivilege	2960	Ultimate-Crack-Pack.exe
Token: SeDebugPrivilege	2288	RegAsm.exe
Token: SeDebugPrivilege	7432	RegAsm.exe
Token: SeDebugPrivilege	8252	powershell.exe
Token: SeDebugPrivilege	7836	powershell.exe
Token: SeDebugPrivilege	6624	RegAsm.exe
Token: SeDebugPrivilege	6832	RegAsm.exe
Token: SeDebugPrivilege	7192	RegAsm.exe
Token: SeDebugPrivilege	7688	RegAsm.exe
Token: SeDebugPrivilege	316	powershell.exe
Token: SeDebugPrivilege	8692	RegAsm.exe
Token: SeDebugPrivilege	8784	RegAsm.exe
Token: SeDebugPrivilege	8988	powershell.exe
Token: SeDebugPrivilege	8832	powershell.exe
Token: SeDebugPrivilege	8500	powershell.exe
Token: SeDebugPrivilege	8516	RegAsm.exe
Token: SeDebugPrivilege	9068	powershell.exe
Token: SeDebugPrivilege	8656	RegAsm.exe
Token: SeDebugPrivilege	9196	powershell.exe
Token: SeDebugPrivilege	264	powershell.exe
Token: SeDebugPrivilege	8408	RegAsm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2696	2740	TextUtils.exe	30
PID 2740 wrote to memory of 2696	2740	TextUtils.exe	30
PID 2740 wrote to memory of 2696	2740	TextUtils.exe	30
PID 2740 wrote to memory of 2696	2740	TextUtils.exe	30
PID 2740 wrote to memory of 2764	2740	TextUtils.exe	31
PID 2740 wrote to memory of 2764	2740	TextUtils.exe	31
PID 2740 wrote to memory of 2764	2740	TextUtils.exe	31
PID 2764 wrote to memory of 2900	2764	TextUtils.exe	32
PID 2764 wrote to memory of 2900	2764	TextUtils.exe	32
PID 2764 wrote to memory of 2900	2764	TextUtils.exe	32
PID 2764 wrote to memory of 2900	2764	TextUtils.exe	32
PID 2764 wrote to memory of 2176	2764	TextUtils.exe	33
PID 2764 wrote to memory of 2176	2764	TextUtils.exe	33
PID 2764 wrote to memory of 2176	2764	TextUtils.exe	33
PID 2176 wrote to memory of 2640	2176	TextUtils.exe	34
PID 2176 wrote to memory of 2640	2176	TextUtils.exe	34
PID 2176 wrote to memory of 2640	2176	TextUtils.exe	34
PID 2176 wrote to memory of 2640	2176	TextUtils.exe	34
PID 2176 wrote to memory of 2724	2176	TextUtils.exe	35
PID 2176 wrote to memory of 2724	2176	TextUtils.exe	35
PID 2176 wrote to memory of 2724	2176	TextUtils.exe	35
PID 2724 wrote to memory of 2596	2724	TextUtils.exe	36
PID 2724 wrote to memory of 2596	2724	TextUtils.exe	36
PID 2724 wrote to memory of 2596	2724	TextUtils.exe	36
PID 2724 wrote to memory of 2596	2724	TextUtils.exe	36
PID 2724 wrote to memory of 2624	2724	TextUtils.exe	37
PID 2724 wrote to memory of 2624	2724	TextUtils.exe	37
PID 2724 wrote to memory of 2624	2724	TextUtils.exe	37
PID 2624 wrote to memory of 3024	2624	TextUtils.exe	38
PID 2624 wrote to memory of 3024	2624	TextUtils.exe	38
PID 2624 wrote to memory of 3024	2624	TextUtils.exe	38
PID 2624 wrote to memory of 3024	2624	TextUtils.exe	38
PID 2624 wrote to memory of 1824	2624	TextUtils.exe	39
PID 2624 wrote to memory of 1824	2624	TextUtils.exe	39
PID 2624 wrote to memory of 1824	2624	TextUtils.exe	39
PID 1824 wrote to memory of 2592	1824	TextUtils.exe	40
PID 1824 wrote to memory of 2592	1824	TextUtils.exe	40
PID 1824 wrote to memory of 2592	1824	TextUtils.exe	40
PID 1824 wrote to memory of 2592	1824	TextUtils.exe	40
PID 1824 wrote to memory of 2180	1824	TextUtils.exe	41
PID 1824 wrote to memory of 2180	1824	TextUtils.exe	41
PID 1824 wrote to memory of 2180	1824	TextUtils.exe	41
PID 2180 wrote to memory of 1580	2180	TextUtils.exe	42
PID 2180 wrote to memory of 1580	2180	TextUtils.exe	42
PID 2180 wrote to memory of 1580	2180	TextUtils.exe	42
PID 2180 wrote to memory of 1580	2180	TextUtils.exe	42
PID 2180 wrote to memory of 580	2180	TextUtils.exe	43
PID 2180 wrote to memory of 580	2180	TextUtils.exe	43
PID 2180 wrote to memory of 580	2180	TextUtils.exe	43
PID 580 wrote to memory of 1792	580	TextUtils.exe	44
PID 580 wrote to memory of 1792	580	TextUtils.exe	44
PID 580 wrote to memory of 1792	580	TextUtils.exe	44
PID 580 wrote to memory of 1792	580	TextUtils.exe	44
PID 580 wrote to memory of 2432	580	TextUtils.exe	45
PID 580 wrote to memory of 2432	580	TextUtils.exe	45
PID 580 wrote to memory of 2432	580	TextUtils.exe	45
PID 2432 wrote to memory of 1732	2432	TextUtils.exe	46
PID 2432 wrote to memory of 1732	2432	TextUtils.exe	46
PID 2432 wrote to memory of 1732	2432	TextUtils.exe	46
PID 2432 wrote to memory of 1732	2432	TextUtils.exe	46
PID 2432 wrote to memory of 2620	2432	TextUtils.exe	47
PID 2432 wrote to memory of 2620	2432	TextUtils.exe	47
PID 2432 wrote to memory of 2620	2432	TextUtils.exe	47
PID 2620 wrote to memory of 2848	2620	TextUtils.exe	48

C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
"C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
  "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:2696
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6524
- C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
  "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
    "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:2900
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
      4⤵
      Adds Run key to start application
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:6700
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:6444
- - C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
    "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
      "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:2640
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
      "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2596
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        6⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6852
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        7⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        8⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:7184
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        9⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        
        PID:7220
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1792
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        10⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1732
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        11⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:7572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        11⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2848
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        12⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        12⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        13⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        13⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        12⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        14⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:8156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        14⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2216
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        15⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7784
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        15⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        14⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1520
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        16⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:8176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        16⤵
        
        PID:6152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        16⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        15⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3036
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        17⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:8108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        16⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:352
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        18⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        17⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:788
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        19⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        19⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        18⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:616
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        20⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:6924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        20⤵
        
        PID:1100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        19⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        21⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        20⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2280
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        22⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        22⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        21⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:376
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        23⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:7288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        22⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        24⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:7836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        24⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        23⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2060
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        25⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:8252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        25⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        24⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2676
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        26⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:8400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        25⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2584
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        27⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:8536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:8548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        26⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        28⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:8564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        27⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2316
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        29⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        
        PID:8576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        28⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        30⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:8880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        30⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        29⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        31⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:8988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        30⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:680
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        32⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:9068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        32⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        31⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2156
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        33⤵
        Adds Run key to start application
        
        PID:9208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        
        PID:1732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        32⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        33⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2116
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        34⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        34⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        33⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        34⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1628
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        35⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:8832
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        35⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        34⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        35⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2728
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        36⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:8500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        35⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        36⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2008
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        37⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:9196
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        36⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        37⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        38⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        Suspicious use of AdjustPrivilegeToken
        
        PID:264
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        37⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        38⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        39⤵
        
        PID:1312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        39⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        38⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        39⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        40⤵
        Adds Run key to start application
        
        PID:8352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        40⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        39⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        40⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2732
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        41⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:7240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        
        PID:8040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        40⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        41⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2664
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        42⤵
        Adds Run key to start application
        
        PID:2440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        41⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        42⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2960
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        43⤵
        Adds Run key to start application
        
        PID:1100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:8116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        42⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        43⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2200
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        44⤵
        Adds Run key to start application
        Command and Scripting Interpreter: PowerShell
        
        PID:7872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        43⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        44⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1868
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        45⤵
        Adds Run key to start application
        
        PID:8796
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        44⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        45⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2332
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        46⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:7320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        45⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        46⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1980
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        47⤵
        
        PID:7152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        47⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        46⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        47⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3032
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        48⤵
        
        PID:8280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        48⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        47⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        48⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        49⤵
        
        PID:2268
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        48⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        49⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2476
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        50⤵
        
        PID:8604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        49⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        50⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1988
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        51⤵
        
        PID:2620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        51⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        50⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        51⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1612
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        52⤵
        
        PID:8672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        51⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        52⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2792
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        53⤵
        
        PID:2980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        53⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        52⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        53⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:272
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        54⤵
        
        PID:3024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        54⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        53⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        54⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        55⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        55⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        54⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        55⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2056
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        56⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        
        PID:10184
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        55⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        56⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1224
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        57⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        57⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        56⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        57⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        58⤵
        
        PID:9380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:2960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        57⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        58⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3028
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        59⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9396
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        59⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        58⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        59⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        60⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:10232
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:2648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:8500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        59⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        60⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1556
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        61⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        61⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        60⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        61⤵
        Executes dropped EXE
        
        PID:1808
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        62⤵
        
        PID:9448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        61⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        62⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1288
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        63⤵
        
        PID:9416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        62⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        63⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1600
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        64⤵
        
        PID:9388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        63⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        64⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        65⤵
        
        PID:9408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        64⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        65⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2864
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        66⤵
        
        PID:9432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        65⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        66⤵
        Suspicious use of SetThreadContext
        
        PID:2232
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        67⤵
        
        PID:9440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        67⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        66⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        67⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        68⤵
        
        PID:9480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        68⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        67⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        68⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        69⤵
        
        PID:9492
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        68⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        69⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        70⤵
        
        PID:9500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        70⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        69⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        70⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        71⤵
        
        PID:9508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        70⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        71⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        72⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        71⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        72⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        73⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        72⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        73⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        74⤵
        
        PID:9704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        73⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        75⤵
        
        PID:9892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        74⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        75⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        76⤵
        
        PID:9244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        76⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        75⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        76⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        77⤵
        
        PID:10120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        76⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        78⤵
        
        PID:7780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        77⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        78⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        79⤵
        
        PID:7960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        79⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        78⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        80⤵
        
        PID:8288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        79⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        80⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        81⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9812
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        80⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        81⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        82⤵
        
        PID:9620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        81⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        83⤵
        
        PID:9700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        83⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        82⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        83⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        84⤵
        
        PID:9668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        84⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        83⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        84⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        85⤵
        
        PID:10056
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        85⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        84⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        85⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        86⤵
        
        PID:8104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        86⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        85⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        86⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        87⤵
        
        PID:3048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        87⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        86⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        87⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        88⤵
        
        PID:2632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        87⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        89⤵
        
        PID:2372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        89⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        88⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        89⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        90⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        90⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        89⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        90⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        91⤵
        
        PID:1228
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        90⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        91⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        92⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        91⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        92⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        93⤵
        
        PID:9948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        93⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        92⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        93⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        94⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        94⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        93⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        94⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        95⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        95⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        94⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        96⤵
        
        PID:2712
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        96⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        95⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        96⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        97⤵
        
        PID:2648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        97⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        96⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        98⤵
        
        PID:1712
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        98⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        97⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        98⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        99⤵
        
        PID:9572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        99⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        98⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        99⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        100⤵
        
        PID:2052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:9588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        99⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        100⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        101⤵
        
        PID:7648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        100⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        102⤵
        
        PID:4020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        101⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        102⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        103⤵
        
        PID:3700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:3544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        102⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        104⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        103⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        104⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        105⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:10112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        105⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        104⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        105⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        106⤵
        
        PID:10100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:7808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        105⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        106⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        107⤵
        
        PID:10088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        107⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        106⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        107⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        108⤵
        
        PID:3328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        108⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        107⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        109⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:7824
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        108⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        109⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        110⤵
        
        PID:8000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        109⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        110⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        111⤵
        
        PID:3864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        111⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        110⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        112⤵
        
        PID:3704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        111⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        112⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        113⤵
        
        PID:2296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        112⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        113⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        114⤵
        
        PID:3344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        114⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        113⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        114⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        115⤵
        
        PID:1140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        115⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        114⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        115⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        116⤵
        
        PID:3508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:10560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        115⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        116⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        117⤵
        
        PID:10424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        117⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        116⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        117⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        118⤵
        
        PID:10476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        118⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        117⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:3232
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        119⤵
        
        PID:10652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        119⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        118⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        119⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        120⤵
        
        PID:10748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        120⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        119⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        120⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        121⤵
        
        PID:10904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        121⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        120⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        121⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        122⤵
        
        PID:11028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        121⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        122⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        123⤵
        
        PID:10396
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        122⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        123⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        124⤵
        
        PID:3372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        124⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        123⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        124⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        125⤵
        
        PID:10704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        124⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        125⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        126⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:10312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:3148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        125⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        127⤵
        
        PID:11192
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        127⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        126⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        127⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        128⤵
        
        PID:10308
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        127⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        128⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        129⤵
        
        PID:10420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        128⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        129⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        130⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:10524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        129⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        130⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        131⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        131⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        130⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        131⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        132⤵
        
        PID:11136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        132⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        131⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        132⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        133⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        132⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        133⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        134⤵
        
        PID:10288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        133⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        134⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        135⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:10304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        134⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        135⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        136⤵
        
        PID:10936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        136⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        135⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        136⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        137⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:10376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        136⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        137⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        138⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:10284
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        138⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        137⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        138⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        139⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        138⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        139⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        140⤵
        
        PID:10440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:12116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        139⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        140⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        141⤵
        
        PID:10208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        140⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        141⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        142⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        141⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        142⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        143⤵
        
        PID:11836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        143⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        142⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        143⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        144⤵
        
        PID:11920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        144⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        143⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        145⤵
        
        PID:12124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:10900
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        144⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        145⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        146⤵
        
        PID:11340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        146⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        145⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        146⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        147⤵
        
        PID:12068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        147⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        146⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        148⤵
        
        PID:12136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        
        PID:11228
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        147⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        148⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        149⤵
        
        PID:11992
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        149⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        148⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        149⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        150⤵
        
        PID:12060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:11896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        149⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        150⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        151⤵
        
        PID:12044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        150⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        151⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        152⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:12032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        152⤵
        
        PID:11524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        152⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        151⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        153⤵
        
        PID:9596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        153⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        152⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        153⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        154⤵
        
        PID:11448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        153⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        154⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        155⤵
        
        PID:11468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        155⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        154⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        155⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        156⤵
        
        PID:11480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:12652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        155⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        156⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        157⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11496
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        157⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        156⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        158⤵
        
        PID:11508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        157⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        158⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        159⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        159⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        158⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        159⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        160⤵
        
        PID:11724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        159⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        160⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        161⤵
        
        PID:2316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        160⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        161⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        162⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        161⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        162⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        163⤵
        
        PID:11344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        162⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        164⤵
        
        PID:12076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        164⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        163⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        164⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        165⤵
        
        PID:12052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        164⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        165⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        166⤵
        
        PID:11012
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        165⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        166⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        167⤵
        
        PID:3316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        167⤵
        
        PID:12540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        167⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        166⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        167⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        168⤵
        
        PID:11576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        168⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        167⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        168⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        169⤵
        
        PID:12220
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        168⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        169⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        170⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:12268
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        169⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        170⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        171⤵
        
        PID:12804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        170⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        171⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        172⤵
        
        PID:12792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        171⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        172⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        173⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:12776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        173⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        172⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        173⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        174⤵
        
        PID:12816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        174⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        173⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        174⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        175⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:12924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:12908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:12296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        174⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        175⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        176⤵
        
        PID:12456
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:12208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        175⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        176⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        177⤵
        
        PID:12420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        176⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        177⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        178⤵
        
        PID:13108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        178⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        177⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        179⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:13124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        179⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        178⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        179⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        180⤵
        
        PID:10128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        179⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        180⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        181⤵
        
        PID:3932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        181⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        180⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        181⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        182⤵
        
        PID:13288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        181⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        182⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        183⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:11092
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        182⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        183⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        184⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        183⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        184⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        185⤵
        
        PID:3744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        185⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        184⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        186⤵
        
        PID:10252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:11928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        185⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        186⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        187⤵
        
        PID:12328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:4556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        186⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        187⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        188⤵
        
        PID:10864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        187⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:5804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        189⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:12680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        189⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        188⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        189⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        190⤵
        
        PID:12864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        189⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        190⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        191⤵
        
        PID:12028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        191⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        190⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        191⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        192⤵
        
        PID:2432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        191⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:6068
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        193⤵
        
        PID:12088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        193⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        192⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        194⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        193⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        194⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        195⤵
        
        PID:10692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        195⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        194⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        195⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        196⤵
        
        PID:3780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:13524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        195⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        196⤵
        
        PID:5340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:13904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        196⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        197⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        198⤵
        
        PID:13964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        198⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        197⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        198⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        199⤵
        
        PID:14012
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        199⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        198⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        199⤵
        
        PID:5580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        199⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        200⤵
        
        PID:5620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        201⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        200⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        201⤵
        
        PID:5680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        202⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        201⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        202⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        203⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:14036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        202⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        203⤵
        
        PID:5980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        203⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:6044
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        205⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:14056
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        204⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        205⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        206⤵
        
        PID:14256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        205⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        206⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        207⤵
        
        PID:10756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        206⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        207⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        208⤵
        
        PID:13328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        208⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        207⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        208⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        209⤵
        
        PID:13280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        209⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        208⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        209⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        210⤵
        
        PID:12880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        210⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        209⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        210⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        211⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        210⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        211⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        212⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        211⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        212⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        213⤵
        
        PID:13592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        213⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        212⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        213⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        214⤵
        
        PID:5032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        214⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        213⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        214⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        215⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:14044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        215⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        214⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        215⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        216⤵
        
        PID:14048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        216⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        215⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        216⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        217⤵
        
        PID:14148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        216⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        217⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        218⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        217⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        218⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        219⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        218⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        220⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        219⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        220⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        221⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        220⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        221⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        222⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        221⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        222⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        223⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        222⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        223⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'msconfig.exe' -Value '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration\msconfig.exe.exe"' -PropertyType 'String'
        224⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        223⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        224⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        225⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        225⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        226⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        226⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        227⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        227⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        228⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        228⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        229⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        229⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        230⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        230⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        231⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        231⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        232⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        232⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        233⤵
        System Location Discovery: System Language Discovery
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        233⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        234⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        234⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        235⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        235⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        236⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        236⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        237⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        237⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        238⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        238⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        239⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        239⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        240⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        240⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        241⤵
        System Location Discovery: System Language Discovery
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        241⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        242⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        243⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        243⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        244⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        244⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        245⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        245⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        246⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        246⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        247⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        247⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        248⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        248⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        249⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        249⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        250⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        250⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        251⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        251⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        252⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        252⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        253⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        253⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        254⤵
        System Location Discovery: System Language Discovery
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        254⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        255⤵
        System Location Discovery: System Language Discovery
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        255⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        256⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        256⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        257⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        257⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        258⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        258⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        259⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        259⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        260⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        260⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        261⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        261⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        262⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        262⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        263⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        263⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        264⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        264⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        265⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        265⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        266⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        266⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        267⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        267⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        268⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        268⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        269⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        269⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        270⤵
        System Location Discovery: System Language Discovery
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        270⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        271⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        271⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        272⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        272⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        273⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        273⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe"
        274⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\TextUtils.exe
        
        "C:\Users\Admin\AppData\Local\Temp\TextUtils.exe"
        274⤵
        
        PID:8204

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1071953091-9391895661247359573-17728952251398149-2068068109-7805493061564688445"
1⤵
PID:6812

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-386428183-1943520837-12184504031874829580577458350-1532761617-4620571481776736474"
1⤵
PID:6892

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14452352044806669532065586783-241797768910891261162512795-1519890513-850785909"
1⤵
PID:7068

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1480585287-10280191451139111433250484963-1150606553-2112815867-9237774321911793237"
1⤵
PID:6152

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16221637761039753428-20146884-1736742928-275430833-16313176656415590521108306552"
1⤵
PID:7600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1879173024-1450083333-2056348436-1276092019-4884022081832652073700465722697263878"
1⤵
PID:8204

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1965310536-1325145269692618680-185403231314436891881051004207943085007-786057304"
1⤵
PID:6524

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15643121922033759275-2082100626742940733325631890-678750431-17392326071021465543"
1⤵
PID:10184

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14473816461043783685237889019-7579427022055355842432572779385404959-1246004158"
1⤵
PID:8988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "226683451368296774-6678825331965150519-11235915967925799661181674599842178561"
1⤵
PID:7872

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2044956890-1567203473-17727273651595472426626018120963653376915148611127239547"
1⤵
PID:6444

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-582046484-170789826819628246721735963811-72078568619149345429063863941890779605"
1⤵
PID:1312

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10236370252008153603505593498525248339677624705-82373946-425085700808799927"
1⤵
PID:7624

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10907173571238802256149709676-1975719077-115911021-16228481761465658312-803845379"
1⤵
PID:7320

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11288293761697153108-772018450-13929544391988133214750725462-21381748021637933058"
1⤵
PID:7608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1061651470-1293395759-38415866020353209101519312099-1035245592-251469587-29835256"
1⤵
PID:2620

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "82572555-1803936185-2068859027-196864312313985668971737523060156493841368141180"
1⤵
PID:3440

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-417612924-60450184-935243151-629720351482346145-740906477-1564032352-1622245583"
1⤵
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ultimate-Crack-Pack.exe

Filesize
115KB

MD5
dc6f230a993249cbe632aea3edbbd63e

SHA1
ee67ed14eb647918d0d7ffd11ba7b665eeb19c27

SHA256
a6c001e47fd68b6c97fa484c5c98f918eed5d231bd8f1a4e4ad65af20788118b

SHA512
7e9b46e5d8e8fa609c839d570cf6cf80c7464de553f094e02b6f86e96dc81ce65a1f5f071acd6fadec9d1f4690f48972d4425a7dc2bb0bab7d0588eae81fa5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA160.tmp

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA187.tmp

Filesize
92KB

MD5
2c87b2d541eecd3b4a69f502e63a5783

SHA1
c3d1777df678cf4ef89ec8330f4d64f07fb26f9e

SHA256
eae2daadf140785ff98f48909f57ec24b3138fc0744018ec84a4ff8932c3d638

SHA512
502bd68d3ead4d794969b1db7dde114e0d3ded7fc52d81ab4e50c9d59ba74a0279426b54502301e2589929802b91ff8aa32d7e3d02a79d98209e540b40f7304c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA48B.tmp

Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA6CA.tmp

Filesize
1.2MB

MD5
ee9f09eb3ac06b98f266716017fa5582

SHA1
7eba6ddf3b1f8de8fe461b7e8338f91b60b86d37

SHA256
ac8b01728ea05851280f0bc9131cbb4e0ca2fe5fd2699110a28e4b8967e5beb6

SHA512
8a83a5d961f94f7f8a66d3465b92e1ca0e266696dda675c5abb95f0d59f1ce92708338fc5eed868e6ffb9d8a4e7c78246961bb056c1be68f96a5eda89409dd45

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA6CB.tmp

Filesize
1.2MB

MD5
9037ca2f5c7e86316fe13dd12315fc3a

SHA1
17b6c351136b4bc81bde9f5d24a08ebaaf0d8ce7

SHA256
984260c1dfeb1249bce35d6f0e79ec5e8759c9b874f8e3f25c299dc3e6582ffb

SHA512
386ebba619666f67dca1ecf262dbed9e546a1be0406cdc3d716fca9c27569c6760672bf83ebe271d09e61f9f5b5e1bad432688d28435f8a184b8fdc8336c64d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA6CC.tmp

Filesize
884KB

MD5
9520834d0c453439b9fa07974106b69a

SHA1
cbcf4180ac59c460e66c292a581a91b37d027c5e

SHA256
f38d4c3bca5945ad6c36fd5a72f8b7543b6e86bb5036b6786a7a0296f412b4fc

SHA512
ee3ff561e58aa91ce07f73bc54406f1dba30e186a96a16d731272dca1bf122fb23faee2ddf366f4cda2d1a53b456e4f752d9ffdfc188015bb773f45bb0885205

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA6CD.tmp

Filesize
14KB

MD5
94f7783d70c09ef5458e4415b67a66cb

SHA1
8bb979eb4ecefdca1cd14db98cf6269dce9ec83f

SHA256
400157678b791b088b5d209e61546888f5e4ed6f2f43968b9a83bb0e29a18098

SHA512
d32546027a07e9b3d560dbdd1b7dcfba00b9b4d6ed78903a1c12d1792eb4f5dac0fc497ba0ba46b65f98b82905428080e886a008ff85a3a6c995a2aa76b39e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA6CE.tmp

Filesize
977KB

MD5
be89ff2cd2ca3b701f1f4636c464f719

SHA1
dafea8eef262964361e196f6fe06b3d6bef5aee0

SHA256
c1ee8ce8ed8ff611837872a2a4380ed2bc63fd75326d338f7f0cd6dfd6c36b68

SHA512
ad7b4bf318d1fab966d925f505eda07b1c42b3fc314fc83f42b39f7a081f4327054380221c1b9b59d9233c80cef9764d1f870a23c19dd9861d0ec3788e8de68c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA9C0.tmp

Filesize
15KB

MD5
1fdbc30fe78afb1e79bd14e8bd22073a

SHA1
6d295dabe63a31f00098e9a471ca98a24470c5e7

SHA256
c68229c78f3e804e6b35a2a7f5a0792b405d4db7a50dd14d605cf511a118e0d8

SHA512
8792d8a08af17f41a36aff1e2fef4227a53abda3b790a72ceba0500b2ae5fe2c4dddc9255ea0378f3256cdb2bc75fe9d9c1e16dba57674e0ab3873c5bda88e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA9C1.tmp

Filesize
15KB

MD5
7dee2995b2f5b9f98e48bc0be604c9c6

SHA1
73a56a26b0d2abfd6ebd0d9d2005cd421c82873d

SHA256
d69ada134e5722f3ed7242c8aa6e89e30f9a2e431c60e94c5cd35740244181d7

SHA512
bd5d7bc365f41c3b3a56962e8b5422c174cf6fb792c5094349b2aecc870bb99c26c3123596d23c292ad1aa680708374307bce005213608841c1504d49638915c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA9C2.tmp

Filesize
20KB

MD5
cf7a471dbe73623b8030da2148533e53

SHA1
905aa3d8c05e0bb5dd36d8bb912674cdeed9bfec

SHA256
bc3ee833f0396ffdbc540aeb580e0b889dabd76ce192476cb810b048804b7245

SHA512
80442abf272908c4c36efd731d3922e1c932ca76156f7654b487ccd598a7f78404aff9eac9d9be093e6bbc6599c6e1bd0451bc9f33224df09395f0f40a2c2ee7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TGP9991IQB48FRGGG36Z.temp

Filesize
7KB

MD5
4f8ac65b30afd07981b14237aa05978f

SHA1
dd192de4b6d8c7619c3d583e33816523bc5df94d

SHA256
e45c45878abd368066d1d1bf20770c6cd32317e9320505a69e57cc5ad200a263

SHA512
15980ab9027eb5a3ea2ec8558742e1fa15b860a462cc6e06f13b9410dde54d1cfeb8a10086b3c38034cadc70248eb2b87c481469874b6738c4141e4ccb592538

Download Submit
memory/352-250-0x0000000000430000-0x0000000000452000-memory.dmp

Filesize
136KB

Download
memory/1328-840-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1580-116-0x00000000004F0000-0x0000000000512000-memory.dmp

Filesize
136KB

Download
memory/1628-503-0x0000000000500000-0x0000000000522000-memory.dmp

Filesize
136KB

Download
memory/1728-744-0x00000000003F0000-0x0000000000412000-memory.dmp

Filesize
136KB

Download
memory/1828-867-0x0000000000410000-0x0000000000432000-memory.dmp

Filesize
136KB

Download
memory/2028-857-0x0000000000220000-0x0000000000242000-memory.dmp

Filesize
136KB

Download
memory/2216-226-0x00000000003C0000-0x00000000003E2000-memory.dmp

Filesize
136KB

Download
memory/2280-323-0x0000000000460000-0x0000000000482000-memory.dmp

Filesize
136KB

Download
memory/2324-714-0x0000000000510000-0x0000000000532000-memory.dmp

Filesize
136KB

Download
memory/2340-213-0x0000000000340000-0x0000000000362000-memory.dmp

Filesize
136KB

Download
memory/2356-339-0x00000000003A0000-0x00000000003C2000-memory.dmp

Filesize
136KB

Download
memory/2640-71-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2676-387-0x0000000000420000-0x0000000000442000-memory.dmp

Filesize
136KB

Download
memory/2696-8-0x0000000000A30000-0x0000000000A54000-memory.dmp

Filesize
144KB

Download
memory/2728-515-0x0000000000340000-0x0000000000362000-memory.dmp

Filesize
136KB

Download
memory/2732-585-0x0000000000520000-0x0000000000542000-memory.dmp

Filesize
136KB

Download
memory/2740-1-0x00000000011E0000-0x0000000001248000-memory.dmp

Filesize
416KB

Download
memory/2740-0-0x000007FEF5E73000-0x000007FEF5E74000-memory.dmp

Filesize
4KB

Download
memory/2956-1927-0x00000000004B0000-0x00000000004D2000-memory.dmp

Filesize
136KB

Download
memory/2960-626-0x0000000000370000-0x0000000000392000-memory.dmp

Filesize
136KB

Download
memory/3032-682-0x0000000000470000-0x0000000000492000-memory.dmp

Filesize
136KB

Download
memory/3036-238-0x0000000000970000-0x0000000000992000-memory.dmp

Filesize
136KB

Download
memory/3052-804-0x00000000004A0000-0x00000000004C2000-memory.dmp

Filesize
136KB

Download
memory/3176-921-0x0000000000470000-0x0000000000492000-memory.dmp

Filesize
136KB

Download
memory/3284-1636-0x0000000000870000-0x0000000000892000-memory.dmp

Filesize
136KB

Download
memory/3356-1410-0x0000000000330000-0x0000000000352000-memory.dmp

Filesize
136KB

Download
memory/3468-1669-0x00000000003E0000-0x0000000000402000-memory.dmp

Filesize
136KB

Download
memory/3532-1733-0x0000000000360000-0x0000000000382000-memory.dmp

Filesize
136KB

Download
memory/3552-1446-0x0000000000550000-0x0000000000572000-memory.dmp

Filesize
136KB

Download
memory/3560-1062-0x00000000009C0000-0x00000000009E2000-memory.dmp

Filesize
136KB

Download
memory/3628-1064-0x0000000000370000-0x0000000000392000-memory.dmp

Filesize
136KB

Download
memory/3680-1568-0x00000000003E0000-0x0000000000402000-memory.dmp

Filesize
136KB

Download
memory/3688-1580-0x0000000000370000-0x0000000000392000-memory.dmp

Filesize
136KB

Download
memory/3724-1449-0x0000000000960000-0x0000000000982000-memory.dmp

Filesize
136KB

Download
memory/3804-1760-0x0000000000380000-0x00000000003A2000-memory.dmp

Filesize
136KB

Download
memory/3840-1592-0x0000000000350000-0x0000000000372000-memory.dmp

Filesize
136KB

Download
memory/3860-1782-0x0000000000940000-0x0000000000962000-memory.dmp

Filesize
136KB

Download
memory/3956-1210-0x00000000003E0000-0x0000000000402000-memory.dmp

Filesize
136KB

Download
memory/4208-2316-0x00000000003E0000-0x0000000000402000-memory.dmp

Filesize
136KB

Download
memory/4388-2039-0x00000000003F0000-0x0000000000412000-memory.dmp

Filesize
136KB

Download
memory/4576-2051-0x00000000004A0000-0x00000000004C2000-memory.dmp

Filesize
136KB

Download
memory/4688-2238-0x00000000008C0000-0x00000000008E2000-memory.dmp

Filesize
136KB

Download
memory/4708-2121-0x00000000003F0000-0x0000000000412000-memory.dmp

Filesize
136KB

Download
memory/4816-2413-0x00000000003A0000-0x00000000003C2000-memory.dmp

Filesize
136KB

Download
memory/4820-2252-0x00000000003B0000-0x00000000003D2000-memory.dmp

Filesize
136KB

Download
memory/4908-2251-0x0000000000470000-0x0000000000492000-memory.dmp

Filesize
136KB

Download
memory/4912-2125-0x0000000000950000-0x0000000000972000-memory.dmp

Filesize
136KB

Download
memory/4980-2126-0x0000000000270000-0x0000000000292000-memory.dmp

Filesize
136KB

Download
memory/5344-2725-0x0000000000440000-0x0000000000462000-memory.dmp

Filesize
136KB

Download
memory/5480-2762-0x0000000000360000-0x0000000000382000-memory.dmp

Filesize
136KB

Download
memory/5488-3131-0x0000000000260000-0x0000000000282000-memory.dmp

Filesize
136KB

Download
memory/5580-3035-0x0000000000370000-0x0000000000392000-memory.dmp

Filesize
136KB

Download
memory/5804-2768-0x0000000000380000-0x00000000003A2000-memory.dmp

Filesize
136KB

Download
memory/5864-3166-0x0000000000600000-0x0000000000622000-memory.dmp

Filesize
136KB

Download
memory/5888-3238-0x00000000005E0000-0x0000000000602000-memory.dmp

Filesize
136KB

Download
memory/6068-2932-0x0000000000340000-0x0000000000362000-memory.dmp

Filesize
136KB

Download
memory/6112-3444-0x0000000000410000-0x0000000000432000-memory.dmp

Filesize
136KB

Download
memory/6124-3201-0x0000000000580000-0x00000000005A2000-memory.dmp

Filesize
136KB

Download
memory/6184-3902-0x0000000000490000-0x00000000004B2000-memory.dmp

Filesize
136KB

Download
memory/6236-3478-0x0000000000560000-0x0000000000582000-memory.dmp

Filesize
136KB

Download
memory/6364-4108-0x0000000000A10000-0x0000000000A32000-memory.dmp

Filesize
136KB

Download
memory/6432-3540-0x0000000000500000-0x0000000000522000-memory.dmp

Filesize
136KB

Download
memory/6548-3916-0x00000000004C0000-0x00000000004E2000-memory.dmp

Filesize
136KB

Download
memory/6628-3658-0x0000000000500000-0x0000000000522000-memory.dmp

Filesize
136KB

Download
memory/6664-83-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/6664-158-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6756-3708-0x0000000000580000-0x00000000005A2000-memory.dmp

Filesize
136KB

Download
memory/6832-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6832-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6832-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6832-93-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/6832-85-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6832-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6872-4092-0x00000000004E0000-0x0000000000502000-memory.dmp

Filesize
136KB

Download
memory/7144-3855-0x0000000000420000-0x0000000000442000-memory.dmp

Filesize
136KB

Download
memory/7228-4204-0x00000000004E0000-0x0000000000502000-memory.dmp

Filesize
136KB

Download
memory/7668-4276-0x0000000000330000-0x0000000000352000-memory.dmp

Filesize
136KB

Download