Analysis
-
max time kernel
55s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
09/11/2024, 21:38
Static task
static1
Behavioral task
behavioral1
Sample
Octo Free Tweaking Utility V1.0.bat
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Octo Free Tweaking Utility V1.0.bat
Resource
win10v2004-20241007-en
General
-
Target
Octo Free Tweaking Utility V1.0.bat
-
Size
32KB
-
MD5
8392add3fcbeded059c0788e13305148
-
SHA1
aabebd21818beb9d92354a26bff3b091f6d33070
-
SHA256
bd035666f01df67518bf6a7976e58d019fe4281b7cc959bc623b5bbc8cb6aa31
-
SHA512
454321ad19d4544632c51d02a2cd9adb48d856a982e45afdf2c2abd06412a212bb4ee60075ceee1f46370ecb722ed73d0749fd9cae1f627cfd3013d221728774
-
SSDEEP
384:5TFAFXvNHSuTB4VPVVpZzBYqvRBzalRL/TJ:5TqXDSPVVpZzclRL/TJ
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs
Runs PowerShell to get system information.
Process powershell.exe, PIDs: 1880, 2124, 1128, 1592, 2996, 2212
Power Settings 1 TTPs 64 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
Key created: \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main (process: helppane.exe)
Suspicious behavior: EnumeratesProcesses 5 IoCs
Process powershell.exe, PIDs: 1880, 2996, 2212, 2124, 1128
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2332 helppane.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2332 helppane.exe 2332 helppane.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"2⤵
- Suspicious use of WriteProcessMemory
PID:2256 -
C:\Windows\system32\findstr.exefindstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"3⤵PID:2192
-
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-ac 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2672
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-dc 02⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2724
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-ac 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2692
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-dc 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2832
-
-
C:\Windows\system32\powercfg.exepowercfg -setactive scheme_max2⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2700
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2860
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2168
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2684
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2828
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2604
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk disk_idle 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2904
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk disk_idle 02⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2812
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk idle_time 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2920
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk idle_time 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_usb selective_suspend 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2300
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_usb selective_suspend 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2740
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video adaptive_display 02⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2736
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video adaptive_display 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2616
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2624
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:1908
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_cpu idle_timeout 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2572
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2580
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_hybrid sleep 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2588
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_hybrid sleep 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2620
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2640
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2688
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:796
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:1788
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:976
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2392
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video dynamic_contrast 02⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2288
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2292
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_dvd video_speed 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2032
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_dvd video_speed 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2312
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system cooling_policy 12⤵
- Suspicious use of AdjustPrivilegeToken
PID:2760
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system cooling_policy 12⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2040
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system processor_power_policy 12⤵
- Suspicious use of AdjustPrivilegeToken
PID:2892
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system processor_power_policy 12⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1900
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_memory standby_policy 12⤵
- Suspicious use of AdjustPrivilegeToken
PID:2884
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_memory standby_policy 12⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1204
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system cpu_core 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:288
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system cpu_core 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:1716
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor clock_speed 1002⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2556
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor clock_speed 1002⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2756
-
-
C:\Windows\system32\powercfg.exepowercfg -h off2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"2⤵PID:2896
-
C:\Windows\system32\findstr.exefindstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"3⤵PID:2936
-
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-ac 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2900
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-dc 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:2908
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-ac 02⤵
- Suspicious use of AdjustPrivilegeToken
PID:1268
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-dc 02⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2096
-
-
C:\Windows\system32\powercfg.exepowercfg -setactive scheme_max2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:284
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1256
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:1252
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵
- Suspicious use of AdjustPrivilegeToken
PID:2868
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵
- Power Settings
PID:1920
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵PID:2120
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk disk_idle 02⤵PID:2396
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk disk_idle 02⤵PID:1996
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk idle_time 02⤵PID:1148
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk idle_time 02⤵
- Power Settings
PID:1376
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_usb selective_suspend 02⤵PID:2948
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_usb selective_suspend 02⤵
- Power Settings
PID:2044
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video adaptive_display 02⤵PID:1380
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video adaptive_display 02⤵PID:1420
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵
- Power Settings
PID:2984
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵PID:3008
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_cpu idle_timeout 02⤵
- Power Settings
PID:2996
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 02⤵PID:2980
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_hybrid sleep 02⤵PID:2988
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_hybrid sleep 02⤵
- Power Settings
PID:2968
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 02⤵
- Power Settings
PID:2976
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 02⤵PID:1516
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 02⤵PID:1304
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 02⤵PID:1688
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵PID:2380
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵PID:2212
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video dynamic_contrast 02⤵PID:1792
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 02⤵PID:1964
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_dvd video_speed 1002⤵PID:528
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_dvd video_speed 1002⤵PID:1780
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system cooling_policy 12⤵PID:2336
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system cooling_policy 12⤵
- Power Settings
PID:340
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system processor_power_policy 12⤵PID:2664
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system processor_power_policy 12⤵
- Power Settings
PID:264
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_memory standby_policy 12⤵
- Power Settings
PID:2268
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_memory standby_policy 12⤵PID:1088
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system cpu_core 1002⤵
- Power Settings
PID:2148
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system cpu_core 1002⤵
- Power Settings
PID:872
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor clock_speed 1002⤵PID:2108
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor clock_speed 1002⤵PID:1724
-
-
C:\Windows\system32\powercfg.exepowercfg -h off2⤵PID:2416
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"2⤵PID:1128
-
C:\Windows\system32\findstr.exefindstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"3⤵PID:2552
-
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-ac 02⤵PID:2468
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-dc 02⤵PID:2104
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-ac 02⤵
- Power Settings
PID:2480
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-dc 02⤵
- Power Settings
PID:2992
-
-
C:\Windows\system32\powercfg.exepowercfg -setactive scheme_max2⤵PID:1608
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵PID:828
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵PID:1980
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵PID:948
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵
- Power Settings
PID:1364
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵
- Power Settings
PID:1836
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵PID:1072
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk disk_idle 02⤵
- Power Settings
PID:1288
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk disk_idle 02⤵PID:1984
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk idle_time 02⤵PID:3056
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk idle_time 02⤵PID:2352
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_usb selective_suspend 02⤵PID:1664
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_usb selective_suspend 02⤵PID:1956
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video adaptive_display 02⤵
- Power Settings
PID:1692
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video adaptive_display 02⤵
- Power Settings
PID:760
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵PID:1944
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵PID:888
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_cpu idle_timeout 02⤵PID:648
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 02⤵
- Power Settings
PID:2440
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_hybrid sleep 02⤵PID:600
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_hybrid sleep 02⤵PID:1624
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 02⤵PID:1320
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 02⤵
- Power Settings
PID:852
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 02⤵PID:396
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 02⤵PID:1772
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵
- Power Settings
PID:1528
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵
- Power Settings
PID:1720
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video dynamic_contrast 02⤵PID:752
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 02⤵PID:2128
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_dvd video_speed 1002⤵PID:372
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_dvd video_speed 1002⤵PID:1728
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system cooling_policy 12⤵PID:1048
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system cooling_policy 12⤵PID:2500
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system processor_power_policy 12⤵PID:1588
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system processor_power_policy 12⤵PID:2544
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_memory standby_policy 12⤵PID:1412
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_memory standby_policy 12⤵PID:1892
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_system cpu_core 1002⤵PID:564
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_system cpu_core 1002⤵PID:568
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor clock_speed 1002⤵PID:2504
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor clock_speed 1002⤵PID:2140
-
-
C:\Windows\system32\powercfg.exepowercfg -h off2⤵PID:676
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"2⤵PID:2060
-
C:\Windows\system32\findstr.exefindstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"3⤵PID:1008
-
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-ac 02⤵PID:292
-
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-dc 02⤵
- Power Settings
PID:2340
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-ac 02⤵PID:576
-
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-dc 02⤵PID:1552
-
-
C:\Windows\system32\powercfg.exepowercfg -setactive scheme_max2⤵
- Power Settings
PID:556
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵
- Power Settings
PID:1652
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 1002⤵PID:2056
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵
- Power Settings
PID:2360
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 1002⤵PID:1976
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵
- Power Settings
PID:864
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵PID:860
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk disk_idle 02⤵
- Power Settings
PID:2508
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk disk_idle 02⤵PID:1180
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_disk idle_time 02⤵
- Power Settings
PID:1760
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_disk idle_time 02⤵PID:2252
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_usb selective_suspend 02⤵PID:2192
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_usb selective_suspend 02⤵PID:2256
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_video adaptive_display 02⤵PID:1548
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_video adaptive_display 02⤵PID:1584
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_display brightness 1002⤵PID:2200
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_display brightness 1002⤵PID:1580
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_cpu idle_timeout 02⤵PID:2100
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 02⤵PID:3020
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_hybrid sleep 02⤵
- Power Settings
PID:2432
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_hybrid sleep 02⤵PID:784
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 02⤵
- Power Settings
PID:1628
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 02⤵
- Power Settings
PID:2696
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 02⤵
- Power Settings
PID:2784
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 02⤵PID:2800
-
-
C:\Windows\system32\powercfg.exepowercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵PID:2808
-
-
C:\Windows\system32\powercfg.exepowercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 1002⤵
- Power Settings
PID:3064
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0 2⤵ PID:3068
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0 2⤵
- Power Settings
PID:2272
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_dvd video_speed 100 2⤵ PID:1632
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100 2⤵ PID:856
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_system cooling_policy 1 2⤵ PID:2816
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1 2⤵
- Power Settings
PID:2720
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1 2⤵ PID:2712
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1 2⤵ PID:3032
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_memory standby_policy 1 2⤵ PID:2820
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1 2⤵ PID:2824
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_system cpu_core 100 2⤵ PID:2576
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_system cpu_core 100 2⤵
- Power Settings
PID:744
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_processor clock_speed 100 2⤵ PID:2768
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100 2⤵ PID:2728
-
-
C:\Windows\system32\powercfg.exe powercfg -h off 2⤵
- Power Settings
PID:2172
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat" 2⤵ PID:2836
-
C:\Windows\system32\findstr.exe findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat" 3⤵ PID:2596
-
-
-
C:\Windows\system32\powercfg.exe powercfg -change -monitor-timeout-ac 0 2⤵ PID:2928
-
-
C:\Windows\system32\powercfg.exe powercfg -change -monitor-timeout-dc 0 2⤵ PID:2944
-
-
C:\Windows\system32\powercfg.exe powercfg -change -standby-timeout-ac 0 2⤵
- Power Settings
PID:2592
-
-
C:\Windows\system32\powercfg.exe powercfg -change -standby-timeout-dc 0 2⤵
- Power Settings
PID:1700
-
-
C:\Windows\system32\powercfg.exe powercfg -setactive scheme_max 2⤵
- Power Settings
PID:2704
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100 2⤵
- Power Settings
PID:2732
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100 2⤵
- Power Settings
PID:2680
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100 2⤵ PID:2804
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100 2⤵ PID:2568
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_display brightness 100 2⤵ PID:2564
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_display brightness 100 2⤵ PID:2584
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_disk disk_idle 0 2⤵ PID:2600
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_disk disk_idle 0 2⤵
- Power Settings
PID:2632
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_disk idle_time 0 2⤵ PID:2644
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_disk idle_time 0 2⤵ PID:1840
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_usb selective_suspend 0 2⤵ PID:444
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_usb selective_suspend 0 2⤵ PID:2284
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_video adaptive_display 0 2⤵ PID:624
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_video adaptive_display 0 2⤵ PID:2448
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_display brightness 100 2⤵ PID:2088
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_display brightness 100 2⤵ PID:2612
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_cpu idle_timeout 0 2⤵ PID:1108
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 0 2⤵ PID:2636
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_hybrid sleep 0 2⤵ PID:2036
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_hybrid sleep 0 2⤵
- Power Settings
PID:2952
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 0 2⤵ PID:2628
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 0 2⤵
- Power Settings
PID:2656
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 0 2⤵
- Power Settings
PID:2960
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 0 2⤵ PID:1604
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 100 2⤵ PID:1660
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 100 2⤵
- Power Settings
PID:1612
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0 2⤵
- Power Settings
PID:2668
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0 2⤵ PID:2856
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_dvd video_speed 100 2⤵ PID:2888
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100 2⤵ PID:2744
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_system cooling_policy 1 2⤵ PID:2852
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1 2⤵ PID:2848
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1 2⤵ PID:2400
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1 2⤵ PID:1904
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_memory standby_policy 1 2⤵ PID:2916
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1 2⤵ PID:2464
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_system cpu_core 100 2⤵ PID:1736
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_system cpu_core 100 2⤵ PID:1308
-
-
C:\Windows\system32\powercfg.exe powercfg /setacvalueindex scheme_max sub_processor clock_speed 100 2⤵ PID:2876
-
-
C:\Windows\system32\powercfg.exe powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100 2⤵ PID:2880
-
-
C:\Windows\system32\powercfg.exe powercfg -h off 2⤵
- Power Settings
PID:2748
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat" 2⤵ PID:1616
-
C:\Windows\system32\findstr.exe findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat" 3⤵ PID:1144
-
-
-
C:\Windows\system32\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f 2⤵ PID:2940
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Get-CimInstance -ClassName Win32_StartupCommand | Remove-CimInstance" 2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:1880
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-Service -Name "wuauserv" -StartupType Disabled # Windows Update Service" 2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2996
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-Service -Name "Spooler" -StartupType Disabled # Print Spooler" 2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2212
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-Service -Name "RemoteRegistry" -StartupType Disabled" 2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2124
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-Service -Name "Superfetch" -StartupType Disabled " 2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:1128
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Set-Service -Name "WMPNetworkSvc" -StartupType Disabled Set-MpPreference -DisableRealtimeMonitoring $true" 2⤵
- Command and Scripting Interpreter: PowerShell
PID:1592
-
-
C:\Windows\helppane.exe C:\Windows\helppane.exe -Embedding 1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2332
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize 7KB
MD5 ce36a2f713da848eaba3779dfe6b489c
SHA1 795bf16651611f67950dcf917b321cd452ac7392
SHA256 9db989accc8b0431f074bf6147a091662518d882ca4871f40dd2176de4362caf
SHA512 ed51ac72fe95e8719dbbd8f4ee4f3cf66ce8ac33c9133e134c4563eba27f6b36dbd4de162632210f4654d3897742935bf02fa2f1b84d6a3a8410906b96d32bd3