a6ca5e48bdb7b47ee38180a99f643cafe21d1f9791e5396df88db496fc7b55ea

Analysis

max time kernel
46s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

966b785b2c7845b2ea36d78b0a0be0fc.exe
Size

28KB
MD5

966b785b2c7845b2ea36d78b0a0be0fc
SHA1

ec447e5ee368fb1517dff1875986072d4ef45d8d
SHA256

a6ca5e48bdb7b47ee38180a99f643cafe21d1f9791e5396df88db496fc7b55ea
SHA512

bdecb232cc24bd3e08dc24f30c7f96113fee048140a20963904d2d420f18e1ddb3913daadef78e1471fed04620d2fd4de3bd30a6f62d9aa5593e504200062c13
SSDEEP

384:a4s5I8F9SkgNcR0Om9DdziH1dPQSch/3+r21yn:a4sLF4kgK0dzydP0F3+r2+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2544	ravsprselry.exe
2864	ravsprselry.exe
2596	ravsprselry.exe
2616	ravsprselry.exe
2760	ravsprselry.exe
2648	ravsprselry.exe
1816	ravsprselry.exe
2952	ravsprselry.exe
1620	ravsprselry.exe
1964	ravsprselry.exe
528	ravsprselry.exe
2924	ravsprselry.exe
604	ravsprselry.exe
1524	ravsprselry.exe
1772	ravsprselry.exe
1284	ravsprselry.exe
2124	ravsprselry.exe
2188	ravsprselry.exe
2136	ravsprselry.exe
2812	ravsprselry.exe
3040	ravsprselry.exe
1664	ravsprselry.exe
1188	ravsprselry.exe
800	ravsprselry.exe
928	ravsprselry.exe
1232	ravsprselry.exe
3060	ravsprselry.exe
2164	ravsprselry.exe
892	ravsprselry.exe
3016	ravsprselry.exe
1344	ravsprselry.exe
1720	ravsprselry.exe
2884	ravsprselry.exe
2448	ravsprselry.exe
2716	ravsprselry.exe
2032	ravsprselry.exe
2596	ravsprselry.exe
2728	ravsprselry.exe
2632	ravsprselry.exe
1764	ravsprselry.exe
2024	ravsprselry.exe
2900	ravsprselry.exe
752	ravsprselry.exe
2820	ravsprselry.exe
1040	ravsprselry.exe
2964	ravsprselry.exe
1944	ravsprselry.exe
2904	ravsprselry.exe
756	ravsprselry.exe
1800	ravsprselry.exe
1652	ravsprselry.exe
2980	ravsprselry.exe
2060	ravsprselry.exe
880	ravsprselry.exe
2124	ravsprselry.exe
2832	ravsprselry.exe
2564	ravsprselry.exe
2800	ravsprselry.exe
1548	ravsprselry.exe
2172	ravsprselry.exe
900	ravsprselry.exe
800	ravsprselry.exe
928	ravsprselry.exe
1232	ravsprselry.exe

Loads dropped DLL 64 IoCs

pid	Process
660	966b785b2c7845b2ea36d78b0a0be0fc.exe
660	966b785b2c7845b2ea36d78b0a0be0fc.exe
2544	ravsprselry.exe
2544	ravsprselry.exe
2544	ravsprselry.exe
2864	ravsprselry.exe
2864	ravsprselry.exe
2864	ravsprselry.exe
2596	ravsprselry.exe
2596	ravsprselry.exe
2596	ravsprselry.exe
2616	ravsprselry.exe
2616	ravsprselry.exe
2616	ravsprselry.exe
2760	ravsprselry.exe
2760	ravsprselry.exe
2760	ravsprselry.exe
2648	ravsprselry.exe
2648	ravsprselry.exe
2648	ravsprselry.exe
1816	ravsprselry.exe
1816	ravsprselry.exe
1816	ravsprselry.exe
2952	ravsprselry.exe
2952	ravsprselry.exe
2952	ravsprselry.exe
1620	ravsprselry.exe
1620	ravsprselry.exe
1620	ravsprselry.exe
1964	ravsprselry.exe
1964	ravsprselry.exe
1964	ravsprselry.exe
528	ravsprselry.exe
528	ravsprselry.exe
528	ravsprselry.exe
2924	ravsprselry.exe
2924	ravsprselry.exe
2924	ravsprselry.exe
604	ravsprselry.exe
604	ravsprselry.exe
604	ravsprselry.exe
1524	ravsprselry.exe
1524	ravsprselry.exe
1524	ravsprselry.exe
1772	ravsprselry.exe
1772	ravsprselry.exe
1772	ravsprselry.exe
1284	ravsprselry.exe
1284	ravsprselry.exe
1284	ravsprselry.exe
2124	ravsprselry.exe
2124	ravsprselry.exe
2124	ravsprselry.exe
2188	ravsprselry.exe
2188	ravsprselry.exe
2188	ravsprselry.exe
2136	ravsprselry.exe
2136	ravsprselry.exe
2136	ravsprselry.exe
2812	ravsprselry.exe
2812	ravsprselry.exe
2812	ravsprselry.exe
3040	ravsprselry.exe
3040	ravsprselry.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	966b785b2c7845b2ea36d78b0a0be0fc.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File created	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe
File opened for modification	C:\Windows\SysWOW64\ravsprselry.exe	ravsprselry.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
660	966b785b2c7845b2ea36d78b0a0be0fc.exe
660	966b785b2c7845b2ea36d78b0a0be0fc.exe
2544	ravsprselry.exe
2544	ravsprselry.exe
2864	ravsprselry.exe
2864	ravsprselry.exe
2596	ravsprselry.exe
2596	ravsprselry.exe
2616	ravsprselry.exe
2616	ravsprselry.exe
2760	ravsprselry.exe
2760	ravsprselry.exe
2648	ravsprselry.exe
2648	ravsprselry.exe
1816	ravsprselry.exe
1816	ravsprselry.exe
2952	ravsprselry.exe
2952	ravsprselry.exe
1620	ravsprselry.exe
1620	ravsprselry.exe
1964	ravsprselry.exe
1964	ravsprselry.exe
528	ravsprselry.exe
528	ravsprselry.exe
2924	ravsprselry.exe
2924	ravsprselry.exe
604	ravsprselry.exe
604	ravsprselry.exe
1524	ravsprselry.exe
1524	ravsprselry.exe
1772	ravsprselry.exe
1772	ravsprselry.exe
1284	ravsprselry.exe
1284	ravsprselry.exe
2124	ravsprselry.exe
2124	ravsprselry.exe
2188	ravsprselry.exe
2188	ravsprselry.exe
2136	ravsprselry.exe
2136	ravsprselry.exe
2812	ravsprselry.exe
2812	ravsprselry.exe
3040	ravsprselry.exe
3040	ravsprselry.exe
1664	ravsprselry.exe
1664	ravsprselry.exe
1188	ravsprselry.exe
1188	ravsprselry.exe
800	ravsprselry.exe
800	ravsprselry.exe
928	ravsprselry.exe
928	ravsprselry.exe
1232	ravsprselry.exe
1232	ravsprselry.exe
3060	ravsprselry.exe
3060	ravsprselry.exe
2164	ravsprselry.exe
2164	ravsprselry.exe
892	ravsprselry.exe
892	ravsprselry.exe
3016	ravsprselry.exe
3016	ravsprselry.exe
1344	ravsprselry.exe
1344	ravsprselry.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 2544	660	966b785b2c7845b2ea36d78b0a0be0fc.exe	28
PID 660 wrote to memory of 2544	660	966b785b2c7845b2ea36d78b0a0be0fc.exe	28
PID 660 wrote to memory of 2544	660	966b785b2c7845b2ea36d78b0a0be0fc.exe	28
PID 660 wrote to memory of 2544	660	966b785b2c7845b2ea36d78b0a0be0fc.exe	28
PID 2544 wrote to memory of 2864	2544	ravsprselry.exe	29
PID 2544 wrote to memory of 2864	2544	ravsprselry.exe	29
PID 2544 wrote to memory of 2864	2544	ravsprselry.exe	29
PID 2544 wrote to memory of 2864	2544	ravsprselry.exe	29
PID 2864 wrote to memory of 2596	2864	ravsprselry.exe	30
PID 2864 wrote to memory of 2596	2864	ravsprselry.exe	30
PID 2864 wrote to memory of 2596	2864	ravsprselry.exe	30
PID 2864 wrote to memory of 2596	2864	ravsprselry.exe	30
PID 2596 wrote to memory of 2616	2596	ravsprselry.exe	31
PID 2596 wrote to memory of 2616	2596	ravsprselry.exe	31
PID 2596 wrote to memory of 2616	2596	ravsprselry.exe	31
PID 2596 wrote to memory of 2616	2596	ravsprselry.exe	31
PID 2616 wrote to memory of 2760	2616	ravsprselry.exe	32
PID 2616 wrote to memory of 2760	2616	ravsprselry.exe	32
PID 2616 wrote to memory of 2760	2616	ravsprselry.exe	32
PID 2616 wrote to memory of 2760	2616	ravsprselry.exe	32
PID 2760 wrote to memory of 2648	2760	ravsprselry.exe	33
PID 2760 wrote to memory of 2648	2760	ravsprselry.exe	33
PID 2760 wrote to memory of 2648	2760	ravsprselry.exe	33
PID 2760 wrote to memory of 2648	2760	ravsprselry.exe	33
PID 2648 wrote to memory of 1816	2648	ravsprselry.exe	34
PID 2648 wrote to memory of 1816	2648	ravsprselry.exe	34
PID 2648 wrote to memory of 1816	2648	ravsprselry.exe	34
PID 2648 wrote to memory of 1816	2648	ravsprselry.exe	34
PID 1816 wrote to memory of 2952	1816	ravsprselry.exe	35
PID 1816 wrote to memory of 2952	1816	ravsprselry.exe	35
PID 1816 wrote to memory of 2952	1816	ravsprselry.exe	35
PID 1816 wrote to memory of 2952	1816	ravsprselry.exe	35
PID 2952 wrote to memory of 1620	2952	ravsprselry.exe	36
PID 2952 wrote to memory of 1620	2952	ravsprselry.exe	36
PID 2952 wrote to memory of 1620	2952	ravsprselry.exe	36
PID 2952 wrote to memory of 1620	2952	ravsprselry.exe	36
PID 1620 wrote to memory of 1964	1620	ravsprselry.exe	37
PID 1620 wrote to memory of 1964	1620	ravsprselry.exe	37
PID 1620 wrote to memory of 1964	1620	ravsprselry.exe	37
PID 1620 wrote to memory of 1964	1620	ravsprselry.exe	37
PID 1964 wrote to memory of 528	1964	ravsprselry.exe	38
PID 1964 wrote to memory of 528	1964	ravsprselry.exe	38
PID 1964 wrote to memory of 528	1964	ravsprselry.exe	38
PID 1964 wrote to memory of 528	1964	ravsprselry.exe	38
PID 528 wrote to memory of 2924	528	ravsprselry.exe	39
PID 528 wrote to memory of 2924	528	ravsprselry.exe	39
PID 528 wrote to memory of 2924	528	ravsprselry.exe	39
PID 528 wrote to memory of 2924	528	ravsprselry.exe	39
PID 2924 wrote to memory of 604	2924	ravsprselry.exe	40
PID 2924 wrote to memory of 604	2924	ravsprselry.exe	40
PID 2924 wrote to memory of 604	2924	ravsprselry.exe	40
PID 2924 wrote to memory of 604	2924	ravsprselry.exe	40
PID 604 wrote to memory of 1524	604	ravsprselry.exe	41
PID 604 wrote to memory of 1524	604	ravsprselry.exe	41
PID 604 wrote to memory of 1524	604	ravsprselry.exe	41
PID 604 wrote to memory of 1524	604	ravsprselry.exe	41
PID 1524 wrote to memory of 1772	1524	ravsprselry.exe	42
PID 1524 wrote to memory of 1772	1524	ravsprselry.exe	42
PID 1524 wrote to memory of 1772	1524	ravsprselry.exe	42
PID 1524 wrote to memory of 1772	1524	ravsprselry.exe	42
PID 1772 wrote to memory of 1284	1772	ravsprselry.exe	43
PID 1772 wrote to memory of 1284	1772	ravsprselry.exe	43
PID 1772 wrote to memory of 1284	1772	ravsprselry.exe	43
PID 1772 wrote to memory of 1284	1772	ravsprselry.exe	43

C:\Users\Admin\AppData\Local\Temp\966b785b2c7845b2ea36d78b0a0be0fc.exe
"C:\Users\Admin\AppData\Local\Temp\966b785b2c7845b2ea36d78b0a0be0fc.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:660
- C:\Windows\SysWOW64\ravsprselry.exe
  "C:\Windows\system32\ravsprselry.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Windows\SysWOW64\ravsprselry.exe
    "C:\Windows\system32\ravsprselry.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Windows\SysWOW64\ravsprselry.exe
      "C:\Windows\system32\ravsprselry.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2616
      - C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2760
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2648
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1816
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2952
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1620
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1964
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:528
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2924
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:604
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1524
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1772
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        25⤵
        
        PID:800
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        26⤵
        
        PID:928
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        27⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        33⤵
        Executes dropped EXE
        
        PID:1720
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2884
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        35⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        36⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        37⤵
        Executes dropped EXE
        
        PID:2032
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        38⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2728
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2632
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        41⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2024
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        43⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:752
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2820
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1040
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        47⤵
        Executes dropped EXE
        
        PID:2964
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1944
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        49⤵
        Executes dropped EXE
        
        PID:2904
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        50⤵
        
        PID:756
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1800
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        52⤵
        Executes dropped EXE
        
        PID:1652
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        53⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        54⤵
        Executes dropped EXE
        
        PID:2060
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        55⤵
        Executes dropped EXE
        
        PID:880
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        56⤵
        Executes dropped EXE
        
        PID:2124
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2832
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        58⤵
        Executes dropped EXE
        
        PID:2564
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2800
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1548
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2172
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:900
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        64⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        66⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        67⤵
        Drops file in System32 directory
        
        PID:2284
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        68⤵
        Drops file in System32 directory
        
        PID:1536
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        69⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        70⤵
        Drops file in System32 directory
        
        PID:2180
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        71⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        72⤵
        Drops file in System32 directory
        
        PID:2744
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        73⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        74⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        75⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        76⤵
        Drops file in System32 directory
        
        PID:2584
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        77⤵
        Drops file in System32 directory
        
        PID:1248
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        78⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        79⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        80⤵
        Drops file in System32 directory
        
        PID:2216
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        81⤵
        Drops file in System32 directory
        
        PID:112
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        82⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        83⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        84⤵
        Drops file in System32 directory
        
        PID:672
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        85⤵
        Executes dropped EXE
        
        PID:756
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        86⤵
        
        PID:868
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        87⤵
        Drops file in System32 directory
        
        PID:1120
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        88⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        89⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        90⤵
        
        PID:832
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        91⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        92⤵
        Drops file in System32 directory
        
        PID:1808
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        93⤵
        Drops file in System32 directory
        
        PID:3032
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        94⤵
        Drops file in System32 directory
        
        PID:1932
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        95⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        96⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        97⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        98⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        99⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        100⤵
        
        PID:884
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        101⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        102⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        103⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        104⤵
        
        PID:660
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        105⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        106⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        107⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        108⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        109⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        110⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        111⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        112⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        113⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1764
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        114⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        115⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        116⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        117⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        118⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        119⤵
        
        PID:572
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        120⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        121⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        122⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        123⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        124⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        125⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        126⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        127⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        128⤵
        
        PID:996
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        129⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        130⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        131⤵
        
        PID:912
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        132⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        133⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        134⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        135⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        136⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        137⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        138⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        139⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        140⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        141⤵
        Drops file in System32 directory
        
        PID:2560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        142⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        143⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        144⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        145⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        146⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        147⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        148⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        149⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        150⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        151⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        152⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        153⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        154⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        155⤵
        
        PID:584
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        156⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        157⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        158⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        159⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        160⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        161⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        162⤵
        
        PID:552
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        163⤵
        
        PID:880
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        164⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        165⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        166⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        167⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        168⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        169⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        170⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        171⤵
        
        PID:976
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        172⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        173⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        174⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        175⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        176⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        177⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        178⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        179⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        180⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        181⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        182⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        183⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        184⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        185⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        186⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        187⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        188⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        189⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        190⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        191⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        192⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        193⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        194⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        195⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        196⤵
        
        PID:344
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        197⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        198⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        199⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        200⤵
        
        PID:568
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        201⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        202⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        203⤵
        
        PID:108
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        204⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        205⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        206⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        207⤵
        
        PID:956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        208⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        209⤵
        
        PID:560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        210⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        211⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        212⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        213⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        214⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        215⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        216⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        217⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        218⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        219⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        220⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        221⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        222⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        223⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        224⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        225⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        226⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        227⤵
        Drops file in System32 directory
        
        PID:2616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        228⤵
        Drops file in System32 directory
        
        PID:1584
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        229⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        230⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        231⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        232⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        233⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        234⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        235⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        236⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        237⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        238⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        239⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        240⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        241⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        242⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        243⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        244⤵
        
        PID:108
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        245⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        246⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        247⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        248⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        249⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        250⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        251⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        252⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        253⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        254⤵
        
        PID:892
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        255⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        256⤵
        
        PID:852
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        257⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        258⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        259⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        260⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        261⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        262⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        263⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        264⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        265⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        266⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        267⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        268⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        269⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        270⤵
        Drops file in System32 directory
        
        PID:2576
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        271⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        272⤵
        
        PID:572
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        273⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        274⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        275⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        276⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        277⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        278⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        279⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        280⤵
        Drops file in System32 directory
        
        PID:2080
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        281⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        282⤵
        Drops file in System32 directory
        
        PID:2408
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        283⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        284⤵
        
        PID:332
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        285⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        286⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        287⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        288⤵
        
        PID:912
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        289⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        290⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        291⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        292⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        293⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        294⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        295⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        296⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        297⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        298⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        299⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        300⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        301⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        302⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        303⤵
        
        PID:364
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        304⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        305⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        306⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        307⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        308⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        309⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        310⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        311⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        312⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        313⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        314⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        315⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        316⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        317⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        318⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        319⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        320⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        321⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        322⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        323⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        324⤵
        
        PID:288
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        325⤵
        
        PID:996
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        326⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        327⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        328⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        329⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        330⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        331⤵
        Drops file in System32 directory
        
        PID:2116
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        332⤵
        
        PID:956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        333⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        334⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        335⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        336⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        337⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        338⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        339⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        340⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        341⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        342⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        343⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        344⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        345⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        346⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        347⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        348⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        349⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        350⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        351⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        352⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        353⤵
        
        PID:112
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        354⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        355⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        356⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        357⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        358⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        359⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        360⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        361⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        362⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        363⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        364⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        365⤵
        
        PID:108
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        366⤵
        
        PID:996
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        367⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        368⤵
        Drops file in System32 directory
        
        PID:2308
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        369⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        370⤵
        
        PID:912
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        371⤵
        
        PID:776
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        372⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        373⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        374⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        375⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        376⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        377⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        378⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        379⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        380⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        381⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        382⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        383⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        384⤵
        
        PID:364
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        385⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        386⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        387⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        388⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        389⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        390⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        391⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        392⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        393⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        394⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        395⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        396⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        397⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        398⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        399⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        400⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        401⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        402⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        403⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        404⤵
        
        PID:832
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        405⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        406⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        407⤵
        
        PID:332
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        408⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        409⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        410⤵
        
        PID:632
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        411⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        412⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        413⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        414⤵
        
        PID:976
        
        C:\Windows\SysWOW64\ravsprselry.exe
        
        "C:\Windows\system32\ravsprselry.exe"
        415⤵
        
        PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\ravsprselry.exe

Filesize
28KB

MD5
966b785b2c7845b2ea36d78b0a0be0fc

SHA1
ec447e5ee368fb1517dff1875986072d4ef45d8d

SHA256
a6ca5e48bdb7b47ee38180a99f643cafe21d1f9791e5396df88db496fc7b55ea

SHA512
bdecb232cc24bd3e08dc24f30c7f96113fee048140a20963904d2d420f18e1ddb3913daadef78e1471fed04620d2fd4de3bd30a6f62d9aa5593e504200062c13

Download Submit
memory/3004-65-0x0000000074280000-0x00000000742AE000-memory.dmp

Filesize
184KB

Download