Analysis

  • max time kernel
    55s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 21:38

General

  • Target

    Octo Free Tweaking Utility V1.0.bat

  • Size

    32KB

  • MD5

    8392add3fcbeded059c0788e13305148

  • SHA1

    aabebd21818beb9d92354a26bff3b091f6d33070

  • SHA256

    bd035666f01df67518bf6a7976e58d019fe4281b7cc959bc623b5bbc8cb6aa31

  • SHA512

    454321ad19d4544632c51d02a2cd9adb48d856a982e45afdf2c2abd06412a212bb4ee60075ceee1f46370ecb722ed73d0749fd9cae1f627cfd3013d221728774

  • SSDEEP

    384:5TFAFXvNHSuTB4VPVVpZzBYqvRBzalRL/TJ:5TqXDSPVVpZzclRL/TJ

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

    Run Powershell to get system information.

  • Power Settings 1 TTPs 64 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Windows\system32\findstr.exe
        findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
        3⤵
          PID:2192
      • C:\Windows\system32\powercfg.exe
        powercfg -change -monitor-timeout-ac 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2672
      • C:\Windows\system32\powercfg.exe
        powercfg -change -monitor-timeout-dc 0
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2724
      • C:\Windows\system32\powercfg.exe
        powercfg -change -standby-timeout-ac 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2692
      • C:\Windows\system32\powercfg.exe
        powercfg -change -standby-timeout-dc 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2832
      • C:\Windows\system32\powercfg.exe
        powercfg -setactive scheme_max
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2700
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2860
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2168
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3028
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2684
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_display brightness 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2828
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_display brightness 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2604
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_disk disk_idle 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2904
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_disk disk_idle 0
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2812
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_disk idle_time 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2920
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_disk idle_time 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2912
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_usb selective_suspend 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2300
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_usb selective_suspend 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2740
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_video adaptive_display 0
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2736
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_video adaptive_display 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2616
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_display brightness 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2624
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_display brightness 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1908
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_cpu idle_timeout 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2572
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2580
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_hybrid sleep 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2588
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_hybrid sleep 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2620
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2640
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2688
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:796
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1788
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 100
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:976
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2392
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2288
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2292
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_dvd video_speed 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2032
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2312
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_system cooling_policy 1
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2760
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2040
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2892
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:1900
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_memory standby_policy 1
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2884
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:1204
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_system cpu_core 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:288
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_system cpu_core 100
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1716
      • C:\Windows\system32\powercfg.exe
        powercfg /setacvalueindex scheme_max sub_processor clock_speed 100
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2556
      • C:\Windows\system32\powercfg.exe
        powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100
        2⤵
        • Power Settings
        • Suspicious use of AdjustPrivilegeToken
        PID:2756
      • C:\Windows\system32\powercfg.exe
        powercfg -h off
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2864
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
        2⤵
          PID:2896
          • C:\Windows\system32\findstr.exe
            findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
            3⤵
              PID:2936
          • C:\Windows\system32\powercfg.exe
            powercfg -change -monitor-timeout-ac 0
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2900
          • C:\Windows\system32\powercfg.exe
            powercfg -change -monitor-timeout-dc 0
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2908
          • C:\Windows\system32\powercfg.exe
            powercfg -change -standby-timeout-ac 0
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1268
          • C:\Windows\system32\powercfg.exe
            powercfg -change -standby-timeout-dc 0
            2⤵
            • Power Settings
            • Suspicious use of AdjustPrivilegeToken
            PID:2096
          • C:\Windows\system32\powercfg.exe
            powercfg -setactive scheme_max
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1244
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:284
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
            2⤵
            • Power Settings
            • Suspicious use of AdjustPrivilegeToken
            PID:1256
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1252
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2868
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_display brightness 100
            2⤵
            • Power Settings
            PID:1920
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_display brightness 100
            2⤵
            PID:2120
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_disk disk_idle 0
            2⤵
            PID:2396
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_disk disk_idle 0
            2⤵
            PID:1996
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_disk idle_time 0
            2⤵
            PID:1148
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_disk idle_time 0
            2⤵
            • Power Settings
            PID:1376
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_usb selective_suspend 0
            2⤵
            PID:2948
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_usb selective_suspend 0
            2⤵
            • Power Settings
            PID:2044
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_video adaptive_display 0
            2⤵
            PID:1380
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_video adaptive_display 0
            2⤵
            PID:1420
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_display brightness 100
            2⤵
            • Power Settings
            PID:2984
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_display brightness 100
            2⤵
            PID:3008
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_cpu idle_timeout 0
            2⤵
            • Power Settings
            PID:2996
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 0
            2⤵
            PID:2980
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_hybrid sleep 0
            2⤵
            PID:2988
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_hybrid sleep 0
            2⤵
            • Power Settings
            PID:2968
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 0
            2⤵
            • Power Settings
            PID:2976
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 0
            2⤵
            PID:1516
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 0
            2⤵
            PID:1304
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 0
            2⤵
            PID:1688
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 100
            2⤵
            PID:2380
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 100
            2⤵
            PID:2212
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0
            2⤵
            PID:1792
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0
            2⤵
            PID:1964
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_dvd video_speed 100
            2⤵
            PID:528
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100
            2⤵
            PID:1780
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_system cooling_policy 1
            2⤵
            PID:2336
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1
            2⤵
            • Power Settings
            PID:340
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1
            2⤵
            PID:2664
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1
            2⤵
            • Power Settings
            PID:264
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_memory standby_policy 1
            2⤵
            • Power Settings
            PID:2268
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1
            2⤵
            PID:1088
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_system cpu_core 100
            2⤵
            • Power Settings
            PID:2148
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_system cpu_core 100
            2⤵
            • Power Settings
            PID:872
          • C:\Windows\system32\powercfg.exe
            powercfg /setacvalueindex scheme_max sub_processor clock_speed 100
            2⤵
            PID:2108
          • C:\Windows\system32\powercfg.exe
            powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100
            2⤵
            PID:1724
          • C:\Windows\system32\powercfg.exe
            powercfg -h off
            2⤵
            PID:2416
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
            2⤵
            PID:1128
              • C:\Windows\system32\findstr.exe
                findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
                3⤵
                PID:2552
              • C:\Windows\system32\powercfg.exe
                powercfg -change -monitor-timeout-ac 0
                2⤵
                PID:2468
              • C:\Windows\system32\powercfg.exe
                powercfg -change -monitor-timeout-dc 0
                2⤵
                PID:2104
              • C:\Windows\system32\powercfg.exe
                powercfg -change -standby-timeout-ac 0
                2⤵
                • Power Settings
                PID:2480
              • C:\Windows\system32\powercfg.exe
                powercfg -change -standby-timeout-dc 0
                2⤵
                • Power Settings
                PID:2992
              • C:\Windows\system32\powercfg.exe
                powercfg -setactive scheme_max
                2⤵
                PID:1608
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
                2⤵
                PID:828
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
                2⤵
                PID:1980
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
                2⤵
                PID:948
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
                2⤵
                • Power Settings
                PID:1364
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_display brightness 100
                2⤵
                • Power Settings
                PID:1836
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_display brightness 100
                2⤵
                PID:1072
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_disk disk_idle 0
                2⤵
                • Power Settings
                PID:1288
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_disk disk_idle 0
                2⤵
                PID:1984
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_disk idle_time 0
                2⤵
                PID:3056
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_disk idle_time 0
                2⤵
                PID:2352
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_usb selective_suspend 0
                2⤵
                PID:1664
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_usb selective_suspend 0
                2⤵
                PID:1956
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_video adaptive_display 0
                2⤵
                • Power Settings
                PID:1692
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_video adaptive_display 0
                2⤵
                • Power Settings
                PID:760
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_display brightness 100
                2⤵
                PID:1944
              • C:\Windows\system32\powercfg.exe
                powercfg /setdcvalueindex scheme_max sub_display brightness 100
                2⤵
                PID:888
              • C:\Windows\system32\powercfg.exe
                powercfg /setacvalueindex scheme_max sub_cpu idle_timeout 0
                2⤵
                PID:648
              • C:\Windows\system32\powercfg.exe
                                                                                                powercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 0
                                                                                                2⤵
                                                                                                • Power Settings
                                                                                                PID:2440
                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                powercfg /setacvalueindex scheme_max sub_hybrid sleep 0
                                                                                                2⤵
                                                                                                  PID:600
                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                  powercfg /setdcvalueindex scheme_max sub_hybrid sleep 0
                                                                                                  2⤵
                                                                                                    PID:1624
                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                    powercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 0
                                                                                                    2⤵
                                                                                                      PID:1320
                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                      powercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 0
                                                                                                      2⤵
                                                                                                      • Power Settings
                                                                                                      PID:852
                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                      powercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 0
                                                                                                      2⤵
                                                                                                        PID:396
                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                        powercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 0
                                                                                                        2⤵
                                                                                                          PID:1772
                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                          powercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 100
                                                                                                          2⤵
                                                                                                          • Power Settings
                                                                                                          PID:1528
                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                          powercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 100
                                                                                                          2⤵
                                                                                                          • Power Settings
                                                                                                          PID:1720
                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                          powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0
                                                                                                          2⤵
                                                                                                            PID:752
                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                            powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0
                                                                                                            2⤵
                                                                                                              PID:2128
                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                              powercfg /setacvalueindex scheme_max sub_dvd video_speed 100
                                                                                                              2⤵
                                                                                                                PID:372
                                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                                powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100
                                                                                                                2⤵
                                                                                                                  PID:1728
                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                  powercfg /setacvalueindex scheme_max sub_system cooling_policy 1
                                                                                                                  2⤵
                                                                                                                    PID:1048
                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                    powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1
                                                                                                                    2⤵
                                                                                                                      PID:2500
                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                      powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1
                                                                                                                      2⤵
                                                                                                                        PID:1588
                                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                                        powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1
                                                                                                                        2⤵
                                                                                                                          PID:2544
                                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                                          powercfg /setacvalueindex scheme_max sub_memory standby_policy 1
                                                                                                                          2⤵
                                                                                                                            PID:1412
                                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                                            powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1
                                                                                                                            2⤵
                                                                                                                              PID:1892
                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                              powercfg /setacvalueindex scheme_max sub_system cpu_core 100
                                                                                                                              2⤵
                                                                                                                                PID:564
                                                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                                                powercfg /setdcvalueindex scheme_max sub_system cpu_core 100
                                                                                                                                2⤵
                                                                                                                                  PID:568
                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                  powercfg /setacvalueindex scheme_max sub_processor clock_speed 100
                                                                                                                                  2⤵
                                                                                                                                    PID:2504
                                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                                    powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100
                                                                                                                                    2⤵
                                                                                                                                      PID:2140
                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                      powercfg -h off
                                                                                                                                      2⤵
                                                                                                                                        PID:676
                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                        C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
                                                                                                                                        2⤵
                                                                                                                                          PID:2060
                                                                                                                                          • C:\Windows\system32\findstr.exe
                                                                                                                                            findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
                                                                                                                                            3⤵
                                                                                                                                              PID:1008
                                                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                                                            powercfg -change -monitor-timeout-ac 0
                                                                                                                                            2⤵
                                                                                                                                              PID:292
                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                              powercfg -change -monitor-timeout-dc 0
                                                                                                                                              2⤵
                                                                                                                                              • Power Settings
                                                                                                                                              PID:2340
                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                              powercfg -change -standby-timeout-ac 0
                                                                                                                                              2⤵
                                                                                                                                                PID:576
                                                                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                                                                powercfg -change -standby-timeout-dc 0
                                                                                                                                                2⤵
                                                                                                                                                  PID:1552
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  powercfg -setactive scheme_max
                                                                                                                                                  2⤵
                                                                                                                                                  • Power Settings
                                                                                                                                                  PID:556
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
                                                                                                                                                  2⤵
                                                                                                                                                  • Power Settings
                                                                                                                                                  PID:1652
                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                  powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
                                                                                                                                                  2⤵
                                                                                                                                                    PID:2056
                                                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                                                    powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
                                                                                                                                                    2⤵
                                                                                                                                                    • Power Settings
                                                                                                                                                    PID:2360
                                                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                                                    powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
                                                                                                                                                    2⤵
                                                                                                                                                      PID:1976
                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                      powercfg /setacvalueindex scheme_max sub_display brightness 100
                                                                                                                                                      2⤵
                                                                                                                                                      • Power Settings
                                                                                                                                                      PID:864
                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                      powercfg /setdcvalueindex scheme_max sub_display brightness 100
                                                                                                                                                      2⤵
                                                                                                                                                        PID:860
                                                                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                                                                        powercfg /setacvalueindex scheme_max sub_disk disk_idle 0
                                                                                                                                                        2⤵
                                                                                                                                                        • Power Settings
                                                                                                                                                        PID:2508
                                                                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                                                                        powercfg /setdcvalueindex scheme_max sub_disk disk_idle 0
                                                                                                                                                        2⤵
                                                                                                                                                          PID:1180
                                                                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                                                                          powercfg /setacvalueindex scheme_max sub_disk idle_time 0
                                                                                                                                                          2⤵
                                                                                                                                                          • Power Settings
                                                                                                                                                          PID:1760
                                                                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                                                                          powercfg /setdcvalueindex scheme_max sub_disk idle_time 0
                                                                                                                                                          2⤵
                                                                                                                                                            PID:2252
                                                                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                                                                            powercfg /setacvalueindex scheme_max sub_usb selective_suspend 0
                                                                                                                                                            2⤵
                                                                                                                                                              PID:2192
                                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                                              powercfg /setdcvalueindex scheme_max sub_usb selective_suspend 0
                                                                                                                                                              2⤵
    PID:2256
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_video adaptive_display 0
  2⤵
    PID:1548
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_video adaptive_display 0
  2⤵
    PID:1584
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_display brightness 100
  2⤵
    PID:2200
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_display brightness 100
  2⤵
    PID:1580
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_cpu idle_timeout 0
  2⤵
    PID:2100
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 0
  2⤵
    PID:3020
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_hybrid sleep 0
  2⤵
  • Power Settings
    PID:2432
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_hybrid sleep 0
  2⤵
    PID:784
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 0
  2⤵
  • Power Settings
    PID:1628
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 0
  2⤵
  • Power Settings
    PID:2696
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 0
  2⤵
  • Power Settings
    PID:2784
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 0
  2⤵
    PID:2800
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 100
  2⤵
    PID:2808
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 100
  2⤵
  • Power Settings
    PID:3064
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0
  2⤵
    PID:3068
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0
  2⤵
  • Power Settings
    PID:2272
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_dvd video_speed 100
  2⤵
    PID:1632
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100
  2⤵
    PID:856
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_system cooling_policy 1
  2⤵
    PID:2816
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1
  2⤵
  • Power Settings
    PID:2720
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1
  2⤵
    PID:2712
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1
  2⤵
    PID:3032
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_memory standby_policy 1
  2⤵
    PID:2820
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1
  2⤵
    PID:2824
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_system cpu_core 100
  2⤵
    PID:2576
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_system cpu_core 100
  2⤵
  • Power Settings
    PID:744
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_processor clock_speed 100
  2⤵
    PID:2768
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100
  2⤵
    PID:2728
• C:\Windows\system32\powercfg.exe
  powercfg -h off
  2⤵
  • Power Settings
    PID:2172
• C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
  2⤵
    PID:2836
  • C:\Windows\system32\findstr.exe
    findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
    3⤵
      PID:2596
• C:\Windows\system32\powercfg.exe
  powercfg -change -monitor-timeout-ac 0
  2⤵
    PID:2928
• C:\Windows\system32\powercfg.exe
  powercfg -change -monitor-timeout-dc 0
  2⤵
    PID:2944
• C:\Windows\system32\powercfg.exe
  powercfg -change -standby-timeout-ac 0
  2⤵
  • Power Settings
    PID:2592
• C:\Windows\system32\powercfg.exe
  powercfg -change -standby-timeout-dc 0
  2⤵
  • Power Settings
    PID:1700
• C:\Windows\system32\powercfg.exe
  powercfg -setactive scheme_max
  2⤵
  • Power Settings
    PID:2704
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
  2⤵
  • Power Settings
    PID:2732
• C:\Windows\system32\powercfg.exe
  powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMAX 100
  2⤵
  • Power Settings
    PID:2680
• C:\Windows\system32\powercfg.exe
  powercfg /setacvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
  2⤵
    PID:2804
                                                                                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                  powercfg /setdcvalueindex scheme_max sub_processor PROCTHROTTLEMIN 100
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:2568
                                                                                                                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                    powercfg /setacvalueindex scheme_max sub_display brightness 100
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                      PID:2564
                                                                                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                      powercfg /setdcvalueindex scheme_max sub_display brightness 100
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:2584
                                                                                                                                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                        powercfg /setacvalueindex scheme_max sub_disk disk_idle 0
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:2600
                                                                                                                                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                          powercfg /setdcvalueindex scheme_max sub_disk disk_idle 0
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                          • Power Settings
                                                                                                                                                                                                                          PID:2632
                                                                                                                                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                          powercfg /setacvalueindex scheme_max sub_disk idle_time 0
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                            PID:2644
                                                                                                                                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                            powercfg /setdcvalueindex scheme_max sub_disk idle_time 0
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:1840
                                                                                                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                              powercfg /setacvalueindex scheme_max sub_usb selective_suspend 0
                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                PID:444
                                                                                                                                                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                powercfg /setdcvalueindex scheme_max sub_usb selective_suspend 0
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                  PID:2284
                                                                                                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                  powercfg /setacvalueindex scheme_max sub_video adaptive_display 0
                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                    PID:624
                                                                                                                                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                    powercfg /setdcvalueindex scheme_max sub_video adaptive_display 0
                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                      PID:2448
                                                                                                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                      powercfg /setacvalueindex scheme_max sub_display brightness 100
                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                        PID:2088
                                                                                                                                                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                        powercfg /setdcvalueindex scheme_max sub_display brightness 100
                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                          PID:2612
                                                                                                                                                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                          powercfg /setacvalueindex scheme_max sub_cpu idle_timeout 0
                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                            PID:1108
                                                                                                                                                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                            powercfg /setdcvalueindex scheme_max sub_cpu idle_timeout 0
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:2636
                                                                                                                                                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                              powercfg /setacvalueindex scheme_max sub_hybrid sleep 0
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                PID:2036
                                                                                                                                                                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                powercfg /setdcvalueindex scheme_max sub_hybrid sleep 0
                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                • Power Settings
                                                                                                                                                                                                                                                PID:2952
                                                                                                                                                                                                                                              • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                powercfg /setacvalueindex scheme_max sub_graphics adaptive_graphics 0
                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                  PID:2628
                                                                                                                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                  powercfg /setdcvalueindex scheme_max sub_graphics adaptive_graphics 0
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                  • Power Settings
                                                                                                                                                                                                                                                  PID:2656
                                                                                                                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                  powercfg /setacvalueindex scheme_max sub_processor PERFDISPLAY 0
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                  • Power Settings
                                                                                                                                                                                                                                                  PID:2960
                                                                                                                                                                                                                                                • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                  powercfg /setdcvalueindex scheme_max sub_processor PERFDISPLAY 0
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                    PID:1604
                                                                                                                                                                                                                                                  • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                    powercfg /setacvalueindex scheme_max sub_processor PROCFREQUENCY 100
                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                      PID:1660
                                                                                                                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                      powercfg /setdcvalueindex scheme_max sub_processor PROCFREQUENCY 100
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                      • Power Settings
                                                                                                                                                                                                                                                      PID:1612
                                                                                                                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                      powercfg /setacvalueindex scheme_max sub_video dynamic_contrast 0
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                      • Power Settings
                                                                                                                                                                                                                                                      PID:2668
                                                                                                                                                                                                                                                    • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                      powercfg /setdcvalueindex scheme_max sub_video dynamic_contrast 0
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                        PID:2856
                                                                                                                                                                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                                                                                                                                                                        powercfg /setacvalueindex scheme_max sub_dvd video_speed 100
      2⤵
        PID:2888
    • C:\Windows\system32\powercfg.exe
      powercfg /setdcvalueindex scheme_max sub_dvd video_speed 100
      2⤵
        PID:2744
    • C:\Windows\system32\powercfg.exe
      powercfg /setacvalueindex scheme_max sub_system cooling_policy 1
      2⤵
        PID:2852
    • C:\Windows\system32\powercfg.exe
      powercfg /setdcvalueindex scheme_max sub_system cooling_policy 1
      2⤵
        PID:2848
    • C:\Windows\system32\powercfg.exe
      powercfg /setacvalueindex scheme_max sub_system processor_power_policy 1
      2⤵
        PID:2400
    • C:\Windows\system32\powercfg.exe
      powercfg /setdcvalueindex scheme_max sub_system processor_power_policy 1
      2⤵
        PID:1904
    • C:\Windows\system32\powercfg.exe
      powercfg /setacvalueindex scheme_max sub_memory standby_policy 1
      2⤵
        PID:2916
    • C:\Windows\system32\powercfg.exe
      powercfg /setdcvalueindex scheme_max sub_memory standby_policy 1
      2⤵
        PID:2464
    • C:\Windows\system32\powercfg.exe
      powercfg /setacvalueindex scheme_max sub_system cpu_core 100
      2⤵
        PID:1736
    • C:\Windows\system32\powercfg.exe
      powercfg /setdcvalueindex scheme_max sub_system cpu_core 100
      2⤵
        PID:1308
    • C:\Windows\system32\powercfg.exe
      powercfg /setacvalueindex scheme_max sub_processor clock_speed 100
      2⤵
        PID:2876
    • C:\Windows\system32\powercfg.exe
      powercfg /setdcvalueindex scheme_max sub_processor clock_speed 100
      2⤵
        PID:2880
    • C:\Windows\system32\powercfg.exe
      powercfg -h off
      2⤵
      • Power Settings
        PID:2748
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
      2⤵
        PID:1616
      • C:\Windows\system32\findstr.exe
        findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\Octo Free Tweaking Utility V1.0.bat"
        3⤵
          PID:1144
    • C:\Windows\system32\reg.exe
      reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f
      2⤵
        PID:2940
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Get-CimInstance -ClassName Win32_StartupCommand | Remove-CimInstance"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
        PID:1880
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-Service -Name "wuauserv" -StartupType Disabled # Windows Update Service"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
        PID:2996
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-Service -Name "Spooler" -StartupType Disabled # Print Spooler"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
        PID:2212
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-Service -Name "RemoteRegistry" -StartupType Disabled"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
        PID:2124
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-Service -Name "Superfetch" -StartupType Disabled "
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
        PID:1128
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-Service -Name "WMPNetworkSvc" -StartupType Disabled Set-MpPreference -DisableRealtimeMonitoring $true"
      2⤵
      • Command and Scripting Interpreter: PowerShell
        PID:1592
  • C:\Windows\helppane.exe
    C:\Windows\helppane.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
      PID:2332

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

    Filesize

    7KB

    MD5

    ce36a2f713da848eaba3779dfe6b489c

    SHA1

    795bf16651611f67950dcf917b321cd452ac7392

    SHA256

    9db989accc8b0431f074bf6147a091662518d882ca4871f40dd2176de4362caf

    SHA512

                                                                                                                                                                                                                                                                                    ed51ac72fe95e8719dbbd8f4ee4f3cf66ce8ac33c9133e134c4563eba27f6b36dbd4de162632210f4654d3897742935bf02fa2f1b84d6a3a8410906b96d32bd3

                                                                                                                                                                                                                                                                                  • memory/1880-19-0x000000001B5A0000-0x000000001B882000-memory.dmp

                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                    2.9MB

                                                                                                                                                                                                                                                                                  • memory/1880-20-0x0000000002000000-0x0000000002008000-memory.dmp

                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                    32KB

                                                                                                                                                                                                                                                                                  • memory/2332-0-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                  • memory/2332-14-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                  • memory/2996-26-0x000000001B590000-0x000000001B872000-memory.dmp

                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                    2.9MB

                                                                                                                                                                                                                                                                                  • memory/2996-27-0x0000000001F00000-0x0000000001F08000-memory.dmp

                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                    32KB
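The memory-dump names in the Downloads list above encode a PID, a sequence number and a virtual address range, and the "Filesize" shown for each should equal the length of that range. The script below is an added example, not part of the sandbox report or of any sandbox vendor's tooling: it parses the names, recomputes each size, flags any entry whose reported size disagrees with its address range, and groups region sizes per PID so that processes dumped with an identical region layout stand out. The naming convention `memory/<pid>-<sequence>-<start>-<end>-memory.dmp` is inferred from the listing, not documented on the page, and the sample entries are transcribed from the list above.

```python
import re
from dataclasses import dataclass

# Constructed sample: the memory-dump entries as they appear in the report's
# Downloads list, paired with the "Filesize" label the report shows for each.
REPORT_ENTRIES = [
    ("memory/1880-19-0x000000001B5A0000-0x000000001B882000-memory.dmp", "2.9MB"),
    ("memory/1880-20-0x0000000002000000-0x0000000002008000-memory.dmp", "32KB"),
    ("memory/2332-0-0x0000000000140000-0x0000000000141000-memory.dmp", "4KB"),
    ("memory/2332-14-0x0000000000140000-0x0000000000141000-memory.dmp", "4KB"),
    ("memory/2996-26-0x000000001B590000-0x000000001B872000-memory.dmp", "2.9MB"),
    ("memory/2996-27-0x0000000001F00000-0x0000000001F08000-memory.dmp", "32KB"),
]

# Assumed naming convention (inferred from the listing, not stated on the page):
#   memory/<pid>-<sequence>-<start hex>-<end hex>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    seq: int
    start: int  # first virtual address of the dumped region
    end: int    # one past the last virtual address

    @property
    def size(self) -> int:
        return self.end - self.start


def is_dump_name(name: str) -> bool:
    return DUMP_NAME.match(name) is not None


def parse_dump_name(name: str) -> MemoryDump:
    """Split a dump file name into PID, sequence number and address range."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    dump = MemoryDump(int(m["pid"]), int(m["seq"]),
                      int(m["start"], 16), int(m["end"], 16))
    if dump.end <= dump.start:
        raise ValueError(f"empty or inverted address range in {name!r}")
    return dump


def human_size(nbytes: int) -> str:
    """Format a byte count the way the report labels sizes: binary units
    (1024-based), one decimal place, no decimal when the value is exact."""
    value, unit = float(nbytes), "B"
    for next_unit in ("KB", "MB", "GB"):
        if value < 1024:
            break
        value, unit = value / 1024, next_unit
    text = f"{int(value)}" if value == int(value) else f"{value:.1f}"
    return text + unit


def check_sizes(entries):
    """Return (name, reported, computed) for every entry whose reported size
    does not match the size implied by its address range; empty if all agree."""
    mismatches = []
    for name, reported in entries:
        computed = human_size(parse_dump_name(name).size)
        if computed != reported:
            mismatches.append((name, reported, computed))
    return mismatches


def region_sizes_by_pid(entries):
    """Map each PID to the sorted list of distinct region sizes dumped from it.
    Re-dumps of the same region (PID 2332's 0x140000 page appears twice) collapse
    to one entry, so processes with the same region layout compare equal."""
    regions = {}
    for name, _ in entries:
        d = parse_dump_name(name)
        regions.setdefault(d.pid, set()).add((d.start, d.end))
    return {pid: sorted(end - start for start, end in rs)
            for pid, rs in sorted(regions.items())}


if __name__ == "__main__":
    for bad in check_sizes(REPORT_ENTRIES):
        print("size mismatch:", bad)
    for pid, sizes in region_sizes_by_pid(REPORT_ENTRIES).items():
        print(pid, [human_size(s) for s in sizes])
```

Run against the list above every reported size matches its address range, and PIDs 1880 and 2996 come out with the same two region sizes (0x8000 and 0x2E2000 bytes), which is the kind of pivot worth checking in the process tree before assuming the dumps are independent.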