5207c0125327c9c4b4508ec553f0514bfb3f21b77264b80b1a1b81135a2bfe7f

Analysis

max time kernel
20s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a265cbedcc861fa59c051532563b610.exe
Size

40KB
MD5

5a265cbedcc861fa59c051532563b610
SHA1

92acef504ce306474e180fb8c2ec777a8d5d174f
SHA256

5207c0125327c9c4b4508ec553f0514bfb3f21b77264b80b1a1b81135a2bfe7f
SHA512

1cc06f3fb31bbd90003e69427877b313278fd2e8711471c3eaee84195bc5cbeef0c407747191394297ca6a788b36d9934d25c944a9e7298c8696f4701cba5a86
SSDEEP

768:qFB04HzfVsb9Tq8gps2gF7cp2i7NqMLfUGnMGFH1HIewmNLi/A3NaNNn0tr8NNN+:qFBnT6epNgF767NqysGnDfIehNLi/A3l

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	5a265cbedcc861fa59c051532563b610.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	DefragFs.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File created	C:\Windows\SysWOW64\drivers\DefragFs.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\a.bat	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
4592	Process not Found
2252	Process not Found
116	Process not Found
4524	Process not Found
636	DefragFs.exe
2420	Process not Found
444	Process not Found
4920	Process not Found
2596	Process not Found
2172	Process not Found
4676	Process not Found
5096	Process not Found
3236	DefragFs.exe
1452	Process not Found
4584	Process not Found
3912	Process not Found
3972	Process not Found
1556	Process not Found
3384	Process not Found
4924	Process not Found
2372	Process not Found
4972	Process not Found
3040	DefragFs.exe
5052	Process not Found
1996	Process not Found
1452	Process not Found
2916	Process not Found
2244	Process not Found
5052	Process not Found
220	Process not Found
4480	Process not Found
3032	DefragFs.exe
4308	Process not Found
4012	Process not Found
3676	Process not Found
5168	Process not Found
5316	Process not Found
5440	Process not Found
5592	Process not Found
5792	Process not Found
6004	Process not Found
5128	Process not Found
5336	Process not Found
5604	Process not Found
5748	DefragFs.exe
6104	Process not Found
5304	Process not Found
5824	Process not Found
5616	Process not Found
2964	Process not Found
6104	Process not Found
5932	Process not Found
4592	Process not Found
4744	Process not Found
5720	Process not Found
6084	Process not Found
6060	Process not Found
5200	Process not Found
6340	Process not Found
6556	Process not Found
6816	Process not Found
7048	Process not Found
6224	Process not Found
6532	Process not Found

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1368-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4592-9-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/1368-21-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2252-28-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/files/0x0007000000023218-85.dat	upx
behavioral2/memory/5096-102-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4924-158-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5052-183-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5168-256-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/8596-817-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2936-828-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/10172-805-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/9088-800-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/10056-748-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/7884-684-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/10456-859-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/8296-642-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/8968-626-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6764-564-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6844-518-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/7596-512-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/8116-495-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/7288-479-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3676-453-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5736-441-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6844-435-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6752-404-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6532-398-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6224-392-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6060-362-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6084-357-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/6104-331-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2964-326-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5304-311-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5604-296-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5128-286-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5792-276-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5592-271-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5440-266-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/5316-261-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3676-251-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4012-246-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4308-241-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3032-236-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/220-225-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2244-211-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2916-204-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/1996-190-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3040-176-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3384-151-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3972-137-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3912-130-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4584-122-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/1452-116-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3236-109-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4676-95-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/3236-94-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2172-86-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2596-80-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4920-73-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/444-66-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/2420-57-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/636-51-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral2/memory/4524-44-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Program crash 4 IoCs

pid	pid_target	Process	procid_target
14060	13808	Process not Found
12904	12336	Process not Found	3375
10636	13168	Process not Found	4117
7112	11192	Process not Found	4359

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1368	5a265cbedcc861fa59c051532563b610.exe
4592	Process not Found
2252	Process not Found
116	Process not Found
4524	Process not Found
636	DefragFs.exe
2420	Process not Found
444	Process not Found
4920	Process not Found
2596	Process not Found
2172	Process not Found
4676	Process not Found
5096	Process not Found
3236	DefragFs.exe
1452	Process not Found
4584	Process not Found
3912	Process not Found
3972	Process not Found
1556	Process not Found
3384	Process not Found
4924	Process not Found
2372	Process not Found
4972	Process not Found
3040	DefragFs.exe
5052	Process not Found
1996	Process not Found
1452	Process not Found
2916	Process not Found
2244	Process not Found
5052	Process not Found
220	Process not Found
4480	Process not Found
3032	DefragFs.exe
4308	Process not Found
4012	Process not Found
3676	Process not Found
5168	Process not Found
5316	Process not Found
5440	Process not Found
5592	Process not Found
5792	Process not Found
6004	Process not Found
5128	Process not Found
5336	Process not Found
5604	Process not Found
5748	DefragFs.exe
6104	Process not Found
5304	Process not Found
5824	Process not Found
5616	Process not Found
2964	Process not Found
6104	Process not Found
5932	Process not Found
4592	Process not Found
4744	Process not Found
5720	Process not Found
6084	Process not Found
6060	Process not Found
5200	Process not Found
6340	Process not Found
6556	Process not Found
6816	Process not Found
7048	Process not Found
6224	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 4592	1368	5a265cbedcc861fa59c051532563b610.exe	2483
PID 1368 wrote to memory of 4592	1368	5a265cbedcc861fa59c051532563b610.exe	2483
PID 1368 wrote to memory of 4592	1368	5a265cbedcc861fa59c051532563b610.exe	2483
PID 4592 wrote to memory of 2252	4592	Process not Found	2482
PID 4592 wrote to memory of 2252	4592	Process not Found	2482
PID 4592 wrote to memory of 2252	4592	Process not Found	2482
PID 2252 wrote to memory of 116	2252	Process not Found	2481
PID 2252 wrote to memory of 116	2252	Process not Found	2481
PID 2252 wrote to memory of 116	2252	Process not Found	2481
PID 4592 wrote to memory of 4508	4592	Process not Found	19
PID 4592 wrote to memory of 4508	4592	Process not Found	19
PID 4592 wrote to memory of 4508	4592	Process not Found	19
PID 1368 wrote to memory of 4200	1368	5a265cbedcc861fa59c051532563b610.exe	2479
PID 1368 wrote to memory of 4200	1368	5a265cbedcc861fa59c051532563b610.exe	2479
PID 1368 wrote to memory of 4200	1368	5a265cbedcc861fa59c051532563b610.exe	2479
PID 2252 wrote to memory of 4884	2252	Process not Found	2477
PID 2252 wrote to memory of 4884	2252	Process not Found	2477
PID 2252 wrote to memory of 4884	2252	Process not Found	2477
PID 116 wrote to memory of 4524	116	Process not Found	2476
PID 116 wrote to memory of 4524	116	Process not Found	2476
PID 116 wrote to memory of 4524	116	Process not Found	2476
PID 4200 wrote to memory of 5016	4200	Process not Found	2474
PID 4200 wrote to memory of 5016	4200	Process not Found	2474
PID 4200 wrote to memory of 5016	4200	Process not Found	2474
PID 4508 wrote to memory of 2036	4508	cmd.exe	2473
PID 4508 wrote to memory of 2036	4508	cmd.exe	2473
PID 4508 wrote to memory of 2036	4508	cmd.exe	2473
PID 116 wrote to memory of 2504	116	Process not Found	2472
PID 116 wrote to memory of 2504	116	Process not Found	2472
PID 116 wrote to memory of 2504	116	Process not Found	2472
PID 4524 wrote to memory of 636	4524	Process not Found	20
PID 4524 wrote to memory of 636	4524	Process not Found	20
PID 4524 wrote to memory of 636	4524	Process not Found	20
PID 4884 wrote to memory of 4308	4884	Process not Found	2466
PID 4884 wrote to memory of 4308	4884	Process not Found	2466
PID 4884 wrote to memory of 4308	4884	Process not Found	2466
PID 4884 wrote to memory of 5116	4884	Process not Found	2465
PID 4884 wrote to memory of 5116	4884	Process not Found	2465
PID 4884 wrote to memory of 5116	4884	Process not Found	2465
PID 4524 wrote to memory of 4516	4524	Process not Found	2464
PID 4524 wrote to memory of 4516	4524	Process not Found	2464
PID 4524 wrote to memory of 4516	4524	Process not Found	2464
PID 636 wrote to memory of 2420	636	DefragFs.exe	2463
PID 636 wrote to memory of 2420	636	DefragFs.exe	2463
PID 636 wrote to memory of 2420	636	DefragFs.exe	2463
PID 4884 wrote to memory of 4816	4884	Process not Found	2462
PID 4884 wrote to memory of 4816	4884	Process not Found	2462
PID 4884 wrote to memory of 4816	4884	Process not Found	2462
PID 4884 wrote to memory of 3016	4884	Process not Found	4438
PID 4884 wrote to memory of 3016	4884	Process not Found	4438
PID 4884 wrote to memory of 3016	4884	Process not Found	4438
PID 4884 wrote to memory of 396	4884	Process not Found	2459
PID 4884 wrote to memory of 396	4884	Process not Found	2459
PID 4884 wrote to memory of 396	4884	Process not Found	2459
PID 2504 wrote to memory of 4196	2504	Process not Found	5032
PID 2504 wrote to memory of 4196	2504	Process not Found	5032
PID 2504 wrote to memory of 4196	2504	Process not Found	5032
PID 636 wrote to memory of 3208	636	DefragFs.exe	2457
PID 636 wrote to memory of 3208	636	DefragFs.exe	2457
PID 636 wrote to memory of 3208	636	DefragFs.exe	2457
PID 2420 wrote to memory of 444	2420	Process not Found	2456
PID 2420 wrote to memory of 444	2420	Process not Found	2456
PID 2420 wrote to memory of 444	2420	Process not Found	2456
PID 4884 wrote to memory of 1916	4884	Process not Found	2455

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
11580	Process not Found
6464	Process not Found
2576	Process not Found
13280	Process not Found
13464	Process not Found
13188	Process not Found
11872	Process not Found
11028	Process not Found
1896	Process not Found
12512	Process not Found
10284	Process not Found
13520	Process not Found
6448	attrib.exe
11076	attrib.exe
10996	Process not Found
12912	Process not Found
13588	Process not Found
2936	Process not Found
10180	attrib.exe
12128	Process not Found
14328	Process not Found
9252	attrib.exe
14004	Process not Found
11896	Process not Found
7552	Process not Found
5984	Process not Found
10936	Process not Found
11472	Process not Found
12944	Process not Found
5840	Process not Found
10612	Process not Found
8416	Process not Found
10136	attrib.exe
13032	Process not Found
8248	attrib.exe
6404	Process not Found
7208	Process not Found
9088	Process not Found
13592	Process not Found
12188	Process not Found
1932	Process not Found
14208	Process not Found
14184	Process not Found
11056	Process not Found
12128	Process not Found
12704	Process not Found
8024	attrib.exe
6572	attrib.exe
14096	Process not Found
13748	Process not Found
13544	Process not Found
12344	Process not Found
7804	Process not Found
11772	Process not Found
6552	Process not Found
11616	Process not Found
14028	Process not Found
10676	Process not Found
8480	attrib.exe
6996	Process not Found
6724	Process not Found
12768	Process not Found
12384	Process not Found
6260	Process not Found

C:\Users\Admin\AppData\Local\Temp\5a265cbedcc861fa59c051532563b610.exe
"C:\Users\Admin\AppData\Local\Temp\5a265cbedcc861fa59c051532563b610.exe"
1⤵
- Drops file in Drivers directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6624
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6940
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7708
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8928
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:5128
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6680
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:11124
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:3764
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7708

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:636

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:720

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:4920

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3236

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:4584

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5048

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:3932

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:2720

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4244

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:380

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4696

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5008

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:2260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:768

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:452

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:2680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:768

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3684

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4592
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9528
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10100
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8088
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8900
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9032
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9036

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:5592

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5608

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5712

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5860
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6552
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7996
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8892
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10160
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9560
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8824
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9732
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6132

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5228

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5356
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6692
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8432
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9252
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:3036
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9376
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  - Views/modifies file attributes
  PID:9252
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9028

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5516
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6744
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8844
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9068
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9820
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10316
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7952
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:5408

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5608

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5900

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5284

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6132

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5268

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5960

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5328

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5976

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:6056

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6028

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:5720

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5912

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5760

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6256

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6492

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:6556
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:6816

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6232

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6460

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6884

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5824

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6460

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6980

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:6780
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7096
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:5500
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7448
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9992
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9920
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8640
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  - Drops file in Drivers directory
  PID:8840

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5488

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6408

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:6844

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5768

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:6236
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10040
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10696
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9584
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9932
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8388
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9196
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8868

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6396

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6880

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6648

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6788

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:7524

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7668

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7824

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8040

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8060

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5824

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7544

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7600

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7492

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7460

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7316

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7872

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6520
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7896
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6940
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8304
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:5956
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6032
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:9212
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9096

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7460

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7852

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7808

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:6448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5184
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:7952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7176

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5700

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6404

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6848

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8304

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9192

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8676

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7720

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8672
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8856
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9656
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10564
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  - Drops file in Drivers directory
  PID:9280
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7820

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:7472

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9456
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9224

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9044

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:8824

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8412

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:8248

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8280

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8364

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7028

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6148

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8984

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8720

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6712

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8252

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8272

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9124

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1060

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9148

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9080

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:692

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9240

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9276

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9344

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9476

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:10180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9616

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8772

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9528

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9816

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10080

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9224
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9796
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9464

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10040

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10008
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:9596

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9256

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10172

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8364

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9452

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10108

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8376

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9256

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9280

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1068

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10032

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:10224
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9088
- - C:\Windows\SysWOW64\drivers\DefragFs.exe
    C:\Windows\system32\drivers\DefragFs.exe
    3⤵
    PID:10172
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
      4⤵
      PID:9700
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
        5⤵
        
        PID:9220
  - - C:\Windows\SysWOW64\drivers\DefragFs.exe
      C:\Windows\system32\drivers\DefragFs.exe
      4⤵
      PID:8380
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9720
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:7176
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:9624

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9468

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:10116
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:1160

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9492

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9372

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9804
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8716
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:10212

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8732

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9604

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7472

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10164

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:4212
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:6248

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9512

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10032

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10024

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9324

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8832

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6760

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8312

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9920

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9332

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8916

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8596
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
    3⤵
    PID:9508
- - C:\Windows\SysWOW64\drivers\DefragFs.exe
    C:\Windows\system32\drivers\DefragFs.exe
    3⤵
    PID:2936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8868

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9992

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7608

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9968

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:9904
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9412
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10632

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9020

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8984

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8316

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9780

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8844

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7884

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8292

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9420

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8868
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:6940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9276

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9320

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8276

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9240

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9664

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9668

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9256

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10000

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9908

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8496
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9336
- - C:\Windows\SysWOW64\drivers\DefragFs.exe
    C:\Windows\system32\drivers\DefragFs.exe
    3⤵
    PID:8476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:464
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:9272

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8304

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9244

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9120

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10216

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:680
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9684
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9232

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10092

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9096

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9324

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10040

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8880
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10176

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9420

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8324

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7176

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9420

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10248

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8220

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9096

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8604

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7184
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:9740
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:7460
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8676

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9280

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9928

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:428

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1020

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5300

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9592
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8520
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:10780
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9084

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9908

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10224

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9312

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:10196
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:10600
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:10088

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:10120

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10092

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10188

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9640

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8488

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10108

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9356

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9220

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:8496

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9256

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8936

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9992

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9968

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7472

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9404

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9452

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8856

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9252

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9228

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7608

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9780

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10184

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:3808

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10092

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10016

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8968

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9492

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6760

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9752

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9884

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:5660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9852

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9856

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10024

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6776

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9668

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8476

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9732

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9772

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9284

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9452

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9028

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9908

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9328

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3908

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7608

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10028

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8276

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10184

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:9740

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9596

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9948

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10016

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9856

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9528

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10236

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8228

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9716

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:10448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9284

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9068

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9028

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9292

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:9812

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9340

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7608

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8316

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9968

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9324

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9992

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10012

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10176

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9948

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5300

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8928

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8024

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9312

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:8596

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10096

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9624

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9280

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9376

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10092

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9772

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9692

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9344

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9488

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8992

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9892

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5956

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:8024

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:2388

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9508
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10656

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:8480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9472

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9044

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8936

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10232

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:2848

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9372

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:428

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9288

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:5660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9452

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9732

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8476
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:10456
- - C:\Windows\SysWOW64\drivers\DefragFs.exe
    C:\Windows\system32\drivers\DefragFs.exe
    3⤵
    PID:10812
  - - C:\Windows\SysWOW64\drivers\DefragFs.exe
      C:\Windows\system32\drivers\DefragFs.exe
      4⤵
      PID:10228
    - - C:\Windows\SysWOW64\drivers\DefragFs.exe
        
        C:\Windows\system32\drivers\DefragFs.exe
        5⤵
        
        PID:6776
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
      4⤵
      PID:10008
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
    3⤵
    PID:9104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
      4⤵
      PID:8840
  - - C:\Windows\SysWOW64\drivers\DefragFs.exe
      C:\Windows\system32\drivers\DefragFs.exe
      4⤵
      PID:8608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:10800

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10140

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10236

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10260

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:9436

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9772

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9740

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9560

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9548

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8700

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9020

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6840

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6776

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8604

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:9880

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8380

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8896

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8956

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9356

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8536

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9344

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9220

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10184

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10144

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:9544

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9316

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:3764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5660
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8496

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9732

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5624

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:9592

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7016

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10288

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10084

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8736
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:8604

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9436
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:10740

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8856

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10392

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10340

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10472

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10648

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10620

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10612

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10592

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10584

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10552

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10528

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10496

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10484

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10428

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10420

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10352

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9756

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9716

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9780

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9808

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9852

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8296

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8720

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9632

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8624

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7896

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7508

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9508

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7820

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6840

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8832

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8412

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10920

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10868

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10860

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10828

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10820

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10768

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9924

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9836

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10016

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9920

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9500
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9768

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8276

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9372

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9236

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10012

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9904

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9260

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:10044

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:9984

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10144

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8844

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8968
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:7684
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9200

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6776

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9960

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8256

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9828

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8992

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9648

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9428

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9684
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:11024

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9592

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10200

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7296

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5300

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9636

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:7516

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:8516
- C:\Windows\SysWOW64\attrib.exe
  attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
  2⤵
  PID:8324

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7016

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6556

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9304

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9584

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9252

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8696
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8116
- - C:\Windows\SysWOW64\attrib.exe
    attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
    3⤵
    PID:8916
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:7288

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9404

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7428

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10164

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9292

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:4448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10188

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10192

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9852

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10964

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10956

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:11076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11068

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11060

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11044

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11004

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9880

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:10056

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9856

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9928

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10016

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9848

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9812

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8476

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9452

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9228

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8220

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8376

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9728

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9084

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11108

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11176

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11188

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11160

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:11144

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11136

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11116

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11092

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:11084

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9144

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8580
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:9052

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9020

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8652

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9548

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8536

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4116

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10332

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9540

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8700

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4124

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3908

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8692

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10268

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9328

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8228

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8984

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Drops file in Drivers directory
PID:9348

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9448

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9356

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9376

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9044

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
    3⤵
    PID:9108
- - C:\Windows\SysWOW64\drivers\DefragFs.exe
    C:\Windows\system32\drivers\DefragFs.exe
    3⤵
    - Drops file in Drivers directory
    PID:9104
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:7884

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8676

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7296

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6840

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8796

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:10204

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10168

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10160

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10152

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:10136

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10112

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10080

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10072

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10048

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:10040

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9980

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9956

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9948

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9912

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9880

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9852

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9844

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9836

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9812

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:9804

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9776

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9752

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9692

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9652

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9640

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9620

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9556

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9536

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9436

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9424

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9408

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9336

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9328

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9320

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9312

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9304

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9296

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9268

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9232

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6776

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8956

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8380

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:4156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8876
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:8232

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8496

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6940

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:8744

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8760

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8868

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5128

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8412

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5624

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8348

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8224

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8316

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8248

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8364

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
- Views/modifies file attributes
PID:6572

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:8696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8520

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9144

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3764

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7472
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8544
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:8296

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8904
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9212
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:8968

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8412

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8888

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8536

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9200

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8832

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8720

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8316

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9492

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8240

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1068

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8028

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6680

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:1048

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9180

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1732

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9160

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8364

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:9152
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:8904

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6248

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8876

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8868

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8940

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:2388

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6776

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8936

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8380

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8912

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:8196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8928

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8228

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:7672
- C:\Windows\SysWOW64\drivers\DefragFs.exe
  C:\Windows\system32\drivers\DefragFs.exe
  2⤵
  PID:8268

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5700

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6712

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8224

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8804

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8876

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5900

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9160

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8388

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9084

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8580

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8624

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8380

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6292

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8832

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8916

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8912

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7792

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8520

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8312

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
1⤵
PID:8672

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7328

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8652

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9044

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8200

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8740

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9292

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8804

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:692

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7508

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8680

C:\Windows\SysWOW64\drivers\DefragFs.exe
C:\Windows\system32\drivers\DefragFs.exe
1⤵
PID:8492

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9452

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9160

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9068

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:1060

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:3516

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8476

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8360

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7176

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8596

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9040

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9184

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9124

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8252

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:5700

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8636

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8864

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7428

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8484

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9052

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8024

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6392

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8536

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6196

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8808

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9080

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6772

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8728

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8680

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8696

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7996

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8768

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8612

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\drivers\a.bat
  2⤵
  PID:8576

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8772

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8064

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8868

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9148

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9184

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8312

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8212

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8636

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8540

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8672

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6684

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8660

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8100

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9188

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8416

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9032

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7948

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7508

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8260

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8500

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8252

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8744

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8936

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9116

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7952

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8608

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8908

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8388

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8704

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8888

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8372

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7884

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8492

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8116

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8104

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9148

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8604

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7708

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7832

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7172

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8304

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8224

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8076

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8088

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8524

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8512

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7480

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8616

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7508

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8080

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8240

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8236

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8216

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6572

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7948

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8708

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8984

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8376

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:6724

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8744

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8920

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8748

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8732

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:8208

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:9156

C:\Windows\SysWOW64\attrib.exe
attrib -a -r -s -h C:\Windows\SysWOW64\drivers\DefragFs.exe
1⤵
PID:7996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a.bat

Filesize
336B

MD5
11693c80ef93e5d9112caee1bb9ac341

SHA1
740814508857a379b4815e6a49cc2d99ae123e9d

SHA256
278cf2bd69f3b6556af42fc2b83b7dfde7a4f2a491eaf65f0a0bb9bba6953ae1

SHA512
5086bd13594c0496c9de53dcf7e70ab5dc67d954888104f0e067396a31aa31a8ec2d67640ff7f4a50c1eef279da61c50a58223572498cfc3199e3a946e248dec

Download Submit
C:\Windows\SysWOW64\drivers\DefragFs.exe

Filesize
40KB

MD5
5a265cbedcc861fa59c051532563b610

SHA1
92acef504ce306474e180fb8c2ec777a8d5d174f

SHA256
5207c0125327c9c4b4508ec553f0514bfb3f21b77264b80b1a1b81135a2bfe7f

SHA512
1cc06f3fb31bbd90003e69427877b313278fd2e8711471c3eaee84195bc5cbeef0c407747191394297ca6a788b36d9934d25c944a9e7298c8696f4701cba5a86

Download Submit
C:\Windows\SysWOW64\drivers\a.bat

Filesize
240B

MD5
25d31fbe076d54a5aeabe7d5cb2e6fdf

SHA1
0997ff1fa16d10f398c7caaf039a329c27d8b26c

SHA256
dd21dea45ad75573a363d2013f8b52b407f84f5d822411eccd3b2e1f5dbc1675

SHA512
14554bc59870c3322c8fce2d8a4e32942d5c0529a9e13f0c8b01d32a9989d028c845fe06f9bdb7fde6cda9c707afd0fac2aafdea3485b8afcc24d5b9ef94304c

Download Submit
memory/116-36-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/220-225-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/444-66-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/636-51-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1368-21-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1368-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1452-116-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1996-190-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2172-86-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-211-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2252-28-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2420-57-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2596-80-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2916-204-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2936-828-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2964-326-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3032-236-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3040-176-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3236-109-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3236-94-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3384-151-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3676-251-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3676-453-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3912-130-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3972-137-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4012-246-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4308-241-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4524-44-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4556-1262-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4584-122-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4592-22-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4592-9-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4676-95-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4920-73-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4924-158-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5052-183-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5096-102-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5128-286-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5168-256-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5304-311-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5316-261-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5440-266-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5592-271-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5604-296-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5736-441-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/5792-276-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6060-362-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6084-357-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6104-331-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6224-392-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6532-398-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6752-404-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6764-564-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6844-435-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/6844-518-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/7288-479-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/7596-512-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/7884-684-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/8116-495-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/8296-642-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/8596-817-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/8968-626-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/9088-800-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/9412-998-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/10056-748-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/10172-805-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/10456-859-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/11168-1012-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/11232-1028-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/12160-1024-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/12324-1099-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/13064-1160-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download