e60530ca88494b2999ee7b9b769f64f001c88d9ceeb21eb787b1612a225876cb

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a8b80b4cce46f1fcbedde6919b6cd11.exe
Size

9KB
MD5

9a8b80b4cce46f1fcbedde6919b6cd11
SHA1

3904ae810f73c106ef90476a2245962ea9154095
SHA256

e60530ca88494b2999ee7b9b769f64f001c88d9ceeb21eb787b1612a225876cb
SHA512

00c0bebbaeec4b9869c533c43eef51f101b633aa39e4c004b3a014bbde5b1050047430b422056ae46f2ca93414f65a87c7b6d7148a7511c9cf01b1ee5180b4ae
SSDEEP

192:+MT9/Pmh9Byz+vuTHMn2BHx0mdWeShNB6K0hSJ:+S9/OYyuTHm2BHesohn90I

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2000	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2080	Ravasktao.exe
2124	Ravasktao.exe
2984	Ravasktao.exe
2756	Ravasktao.exe
2704	Ravasktao.exe
2620	Ravasktao.exe
2360	Ravasktao.exe
2028	Ravasktao.exe
1248	Ravasktao.exe
2924	Ravasktao.exe
2196	Ravasktao.exe
2156	Ravasktao.exe
1348	Ravasktao.exe
2896	Ravasktao.exe
944	Ravasktao.exe
1948	Ravasktao.exe
660	Ravasktao.exe
2372	Ravasktao.exe
396	Ravasktao.exe
1216	Ravasktao.exe
1344	Ravasktao.exe
3008	Ravasktao.exe
2320	Ravasktao.exe
548	Ravasktao.exe
2856	Ravasktao.exe
2044	Ravasktao.exe
1596	Ravasktao.exe
2496	Ravasktao.exe
2712	Ravasktao.exe
2776	Ravasktao.exe
2800	Ravasktao.exe
2912	Ravasktao.exe
2416	Ravasktao.exe
2576	Ravasktao.exe
2704	Ravasktao.exe
748	Ravasktao.exe
1460	Ravasktao.exe
2248	Ravasktao.exe
2028	Ravasktao.exe
2944	Ravasktao.exe
1820	Ravasktao.exe
2032	Ravasktao.exe
1732	Ravasktao.exe
784	Ravasktao.exe
2880	Ravasktao.exe
2908	Ravasktao.exe
1676	Ravasktao.exe
2072	Ravasktao.exe
1124	Ravasktao.exe
1908	Ravasktao.exe
2020	Ravasktao.exe
2280	Ravasktao.exe
1368	Ravasktao.exe
1536	Ravasktao.exe
1152	Ravasktao.exe
3048	Ravasktao.exe
3028	Ravasktao.exe
1016	Ravasktao.exe
1500	Ravasktao.exe
1680	Ravasktao.exe
2112	Ravasktao.exe
2276	Ravasktao.exe
2760	Ravasktao.exe
2692	Ravasktao.exe

Loads dropped DLL 64 IoCs

pid	Process
2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe
2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe
2080	Ravasktao.exe
2080	Ravasktao.exe
2124	Ravasktao.exe
2124	Ravasktao.exe
2984	Ravasktao.exe
2984	Ravasktao.exe
2756	Ravasktao.exe
2756	Ravasktao.exe
2704	Ravasktao.exe
2704	Ravasktao.exe
2620	Ravasktao.exe
2620	Ravasktao.exe
2360	Ravasktao.exe
2360	Ravasktao.exe
2028	Ravasktao.exe
2028	Ravasktao.exe
1248	Ravasktao.exe
1248	Ravasktao.exe
2924	Ravasktao.exe
2924	Ravasktao.exe
2196	Ravasktao.exe
2196	Ravasktao.exe
2156	Ravasktao.exe
2156	Ravasktao.exe
1348	Ravasktao.exe
1348	Ravasktao.exe
2896	Ravasktao.exe
2896	Ravasktao.exe
944	Ravasktao.exe
944	Ravasktao.exe
1948	Ravasktao.exe
1948	Ravasktao.exe
660	Ravasktao.exe
660	Ravasktao.exe
2372	Ravasktao.exe
2372	Ravasktao.exe
396	Ravasktao.exe
396	Ravasktao.exe
1216	Ravasktao.exe
1216	Ravasktao.exe
1344	Ravasktao.exe
1344	Ravasktao.exe
3008	Ravasktao.exe
3008	Ravasktao.exe
2320	Ravasktao.exe
2320	Ravasktao.exe
548	Ravasktao.exe
548	Ravasktao.exe
2856	Ravasktao.exe
2856	Ravasktao.exe
2044	Ravasktao.exe
2044	Ravasktao.exe
1596	Ravasktao.exe
1596	Ravasktao.exe
2496	Ravasktao.exe
2496	Ravasktao.exe
2712	Ravasktao.exe
2712	Ravasktao.exe
2776	Ravasktao.exe
2776	Ravasktao.exe
2800	Ravasktao.exe
2800	Ravasktao.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012243-2.dat	upx
behavioral1/memory/2080-10-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/2224-11-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/2080-16-0x00000000001B0000-0x00000000001BA000-memory.dmp	upx
behavioral1/memory/2984-21-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/2196-59-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/2156-64-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1348-73-0x00000000001B0000-0x00000000001BA000-memory.dmp	upx
behavioral1/memory/2896-78-0x0000000000270000-0x000000000027A000-memory.dmp	upx
behavioral1/memory/944-83-0x00000000001B0000-0x00000000001BA000-memory.dmp	upx
behavioral1/memory/3028-164-0x0000000000270000-0x000000000027A000-memory.dmp	upx
behavioral1/memory/2592-220-0x00000000001B0000-0x00000000001BA000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe
File created	C:\Windows\SysWOW64\Ravasktao.exe	Ravasktao.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe
2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe
2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe
2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe
2080	Ravasktao.exe
2080	Ravasktao.exe
2080	Ravasktao.exe
2080	Ravasktao.exe
2124	Ravasktao.exe
2124	Ravasktao.exe
2124	Ravasktao.exe
2124	Ravasktao.exe
2984	Ravasktao.exe
2984	Ravasktao.exe
2984	Ravasktao.exe
2984	Ravasktao.exe
2756	Ravasktao.exe
2756	Ravasktao.exe
2756	Ravasktao.exe
2756	Ravasktao.exe
2704	Ravasktao.exe
2704	Ravasktao.exe
2704	Ravasktao.exe
2704	Ravasktao.exe
2620	Ravasktao.exe
2620	Ravasktao.exe
2620	Ravasktao.exe
2620	Ravasktao.exe
2360	Ravasktao.exe
2360	Ravasktao.exe
2360	Ravasktao.exe
2360	Ravasktao.exe
2028	Ravasktao.exe
2028	Ravasktao.exe
2028	Ravasktao.exe
2028	Ravasktao.exe
1248	Ravasktao.exe
1248	Ravasktao.exe
1248	Ravasktao.exe
1248	Ravasktao.exe
2924	Ravasktao.exe
2924	Ravasktao.exe
2924	Ravasktao.exe
2924	Ravasktao.exe
2196	Ravasktao.exe
2196	Ravasktao.exe
2196	Ravasktao.exe
2196	Ravasktao.exe
2156	Ravasktao.exe
2156	Ravasktao.exe
2156	Ravasktao.exe
2156	Ravasktao.exe
1348	Ravasktao.exe
1348	Ravasktao.exe
1348	Ravasktao.exe
1348	Ravasktao.exe
2896	Ravasktao.exe
2896	Ravasktao.exe
2896	Ravasktao.exe
2896	Ravasktao.exe
944	Ravasktao.exe
944	Ravasktao.exe
944	Ravasktao.exe
944	Ravasktao.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2080	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	28
PID 2224 wrote to memory of 2080	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	28
PID 2224 wrote to memory of 2080	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	28
PID 2224 wrote to memory of 2080	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	28
PID 2224 wrote to memory of 2000	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	29
PID 2224 wrote to memory of 2000	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	29
PID 2224 wrote to memory of 2000	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	29
PID 2224 wrote to memory of 2000	2224	9a8b80b4cce46f1fcbedde6919b6cd11.exe	29
PID 2080 wrote to memory of 2124	2080	Ravasktao.exe	31
PID 2080 wrote to memory of 2124	2080	Ravasktao.exe	31
PID 2080 wrote to memory of 2124	2080	Ravasktao.exe	31
PID 2080 wrote to memory of 2124	2080	Ravasktao.exe	31
PID 2080 wrote to memory of 2760	2080	Ravasktao.exe	32
PID 2080 wrote to memory of 2760	2080	Ravasktao.exe	32
PID 2080 wrote to memory of 2760	2080	Ravasktao.exe	32
PID 2080 wrote to memory of 2760	2080	Ravasktao.exe	32
PID 2124 wrote to memory of 2984	2124	Ravasktao.exe	34
PID 2124 wrote to memory of 2984	2124	Ravasktao.exe	34
PID 2124 wrote to memory of 2984	2124	Ravasktao.exe	34
PID 2124 wrote to memory of 2984	2124	Ravasktao.exe	34
PID 2124 wrote to memory of 2836	2124	Ravasktao.exe	35
PID 2124 wrote to memory of 2836	2124	Ravasktao.exe	35
PID 2124 wrote to memory of 2836	2124	Ravasktao.exe	35
PID 2124 wrote to memory of 2836	2124	Ravasktao.exe	35
PID 2984 wrote to memory of 2756	2984	Ravasktao.exe	37
PID 2984 wrote to memory of 2756	2984	Ravasktao.exe	37
PID 2984 wrote to memory of 2756	2984	Ravasktao.exe	37
PID 2984 wrote to memory of 2756	2984	Ravasktao.exe	37
PID 2984 wrote to memory of 2900	2984	Ravasktao.exe	38
PID 2984 wrote to memory of 2900	2984	Ravasktao.exe	38
PID 2984 wrote to memory of 2900	2984	Ravasktao.exe	38
PID 2984 wrote to memory of 2900	2984	Ravasktao.exe	38
PID 2756 wrote to memory of 2704	2756	Ravasktao.exe	40
PID 2756 wrote to memory of 2704	2756	Ravasktao.exe	40
PID 2756 wrote to memory of 2704	2756	Ravasktao.exe	40
PID 2756 wrote to memory of 2704	2756	Ravasktao.exe	40
PID 2756 wrote to memory of 2628	2756	Ravasktao.exe	41
PID 2756 wrote to memory of 2628	2756	Ravasktao.exe	41
PID 2756 wrote to memory of 2628	2756	Ravasktao.exe	41
PID 2756 wrote to memory of 2628	2756	Ravasktao.exe	41
PID 2704 wrote to memory of 2620	2704	Ravasktao.exe	43
PID 2704 wrote to memory of 2620	2704	Ravasktao.exe	43
PID 2704 wrote to memory of 2620	2704	Ravasktao.exe	43
PID 2704 wrote to memory of 2620	2704	Ravasktao.exe	43
PID 2704 wrote to memory of 1268	2704	Ravasktao.exe	44
PID 2704 wrote to memory of 1268	2704	Ravasktao.exe	44
PID 2704 wrote to memory of 1268	2704	Ravasktao.exe	44
PID 2704 wrote to memory of 1268	2704	Ravasktao.exe	44
PID 2620 wrote to memory of 2360	2620	Ravasktao.exe	46
PID 2620 wrote to memory of 2360	2620	Ravasktao.exe	46
PID 2620 wrote to memory of 2360	2620	Ravasktao.exe	46
PID 2620 wrote to memory of 2360	2620	Ravasktao.exe	46
PID 2620 wrote to memory of 1012	2620	Ravasktao.exe	48
PID 2620 wrote to memory of 1012	2620	Ravasktao.exe	48
PID 2620 wrote to memory of 1012	2620	Ravasktao.exe	48
PID 2620 wrote to memory of 1012	2620	Ravasktao.exe	48
PID 2360 wrote to memory of 2028	2360	Ravasktao.exe	49
PID 2360 wrote to memory of 2028	2360	Ravasktao.exe	49
PID 2360 wrote to memory of 2028	2360	Ravasktao.exe	49
PID 2360 wrote to memory of 2028	2360	Ravasktao.exe	49
PID 2360 wrote to memory of 560	2360	Ravasktao.exe	50
PID 2360 wrote to memory of 560	2360	Ravasktao.exe	50
PID 2360 wrote to memory of 560	2360	Ravasktao.exe	50
PID 2360 wrote to memory of 560	2360	Ravasktao.exe	50

C:\Users\Admin\AppData\Local\Temp\9a8b80b4cce46f1fcbedde6919b6cd11.exe
"C:\Users\Admin\AppData\Local\Temp\9a8b80b4cce46f1fcbedde6919b6cd11.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\Ravasktao.exe
  C:\Windows\system32\Ravasktao.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2080
- - C:\Windows\SysWOW64\Ravasktao.exe
    C:\Windows\system32\Ravasktao.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Windows\SysWOW64\Ravasktao.exe
      C:\Windows\system32\Ravasktao.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2984
    - - C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2756
      - C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2704
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2620
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2360
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2028
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1248
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2924
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2196
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2156
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1348
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2896
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:944
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1948
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:660
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2372
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:396
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1216
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1344
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:3008
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2320
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:548
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2856
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2044
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1596
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2496
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2712
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2776
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2800
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        33⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2416
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        35⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        36⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        37⤵
        Executes dropped EXE
        
        PID:748
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        38⤵
        Executes dropped EXE
        
        PID:1460
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        39⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        40⤵
        Executes dropped EXE
        
        PID:2028
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2944
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        42⤵
        Executes dropped EXE
        
        PID:1820
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2032
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1732
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:784
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2880
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2908
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1676
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2072
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        50⤵
        Executes dropped EXE
        
        PID:1124
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        51⤵
        Executes dropped EXE
        
        PID:1908
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2020
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        53⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        54⤵
        Executes dropped EXE
        
        PID:1368
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1536
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1152
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        57⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3028
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1016
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1500
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1680
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2112
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2276
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2760
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2692
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        66⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        67⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        68⤵
        Drops file in System32 directory
        
        PID:2680
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        69⤵
        Drops file in System32 directory
        
        PID:2564
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        70⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        71⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        72⤵
        Drops file in System32 directory
        
        PID:2544
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        73⤵
        Drops file in System32 directory
        
        PID:2548
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        74⤵
        Drops file in System32 directory
        
        PID:636
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        75⤵
        Drops file in System32 directory
        
        PID:2920
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        76⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        77⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        78⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        79⤵
        Drops file in System32 directory
        
        PID:2204
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        80⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        81⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        82⤵
        
        PID:924
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        83⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        84⤵
        Drops file in System32 directory
        
        PID:944
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        85⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        86⤵
        Drops file in System32 directory
        
        PID:2336
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        87⤵
        Drops file in System32 directory
        
        PID:1908
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        88⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        89⤵
        Drops file in System32 directory
        
        PID:1776
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        90⤵
        
        PID:692
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        91⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        92⤵
        
        PID:820
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        93⤵
        Drops file in System32 directory
        
        PID:2260
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        94⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        95⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        96⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        97⤵
        Drops file in System32 directory
        
        PID:1696
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        98⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        99⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        100⤵
        Drops file in System32 directory
        
        PID:2364
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        101⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        102⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        103⤵
        Drops file in System32 directory
        
        PID:2844
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        104⤵
        Drops file in System32 directory
        
        PID:2592
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        105⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        106⤵
        Drops file in System32 directory
        
        PID:2416
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        107⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        108⤵
        Drops file in System32 directory
        
        PID:3056
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        109⤵
        Drops file in System32 directory
        
        PID:748
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        110⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        111⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        112⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        113⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        114⤵
        
        PID:308
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        115⤵
        Drops file in System32 directory
        
        PID:1644
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        116⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        117⤵
        Drops file in System32 directory
        
        PID:864
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        118⤵
        Drops file in System32 directory
        
        PID:2828
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        119⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        120⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        121⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        122⤵
        Drops file in System32 directory
        
        PID:2060
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        123⤵
        Drops file in System32 directory
        
        PID:2664
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        124⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        125⤵
        Drops file in System32 directory
        
        PID:1080
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        126⤵
        Drops file in System32 directory
        
        PID:2300
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        127⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        128⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        129⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        130⤵
        Drops file in System32 directory
        
        PID:2480
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        131⤵
        Drops file in System32 directory
        
        PID:2448
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        132⤵
        
        PID:872
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        133⤵
        Drops file in System32 directory
        
        PID:2856
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        134⤵
        
        PID:848
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        135⤵
        Drops file in System32 directory
        
        PID:2236
        
        C:\Windows\SysWOW64\Ravasktao.exe
        
        C:\Windows\system32\Ravasktao.exe
        136⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        136⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        135⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        134⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        133⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        132⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        131⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        130⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        129⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        128⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        127⤵
        
        PID:436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        126⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        125⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        124⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        123⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        122⤵
        
        PID:472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        121⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        120⤵
        
        PID:960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        119⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        118⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        117⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        116⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        115⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        114⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        113⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        112⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        111⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        110⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        109⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        108⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        107⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        106⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        105⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        104⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        103⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        102⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        101⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        100⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        99⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        98⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        97⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        96⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        95⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        94⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        93⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        92⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        91⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        90⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        89⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        88⤵
        
        PID:772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        87⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        86⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        85⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        84⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        83⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        82⤵
        
        PID:604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        81⤵
        
        PID:784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        80⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        79⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        78⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        77⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        76⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        75⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        74⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        73⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        72⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        71⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        70⤵
        
        PID:852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        69⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        68⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        67⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        66⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        65⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        64⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        63⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        62⤵
        
        PID:1184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        61⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        60⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        59⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        58⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        57⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        56⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        55⤵
        
        PID:812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        54⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        53⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        52⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        51⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        50⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        49⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        48⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        47⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        46⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        45⤵
        
        PID:756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        44⤵
        
        PID:908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        43⤵
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        42⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        41⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        40⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        39⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        38⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        37⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        36⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        35⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        34⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        33⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        32⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        31⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        30⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        29⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        28⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        27⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        26⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        25⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        24⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        23⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        22⤵
        
        PID:820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        21⤵
        
        PID:692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        20⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        19⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        18⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        17⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        16⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        15⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        14⤵
        
        PID:936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        13⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        12⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        11⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        10⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        9⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        8⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        7⤵
        
        PID:1268
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        6⤵
        
        PID:2628
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
        5⤵
        
        PID:2900
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
      4⤵
      PID:2836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\Ravasktao.exe"
    3⤵
    PID:2760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\9a8b80b4cce46f1fcbedde6919b6cd11.exe"
  2⤵
  - Deletes itself
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\Ravasktao.exe

Filesize
9KB

MD5
9a8b80b4cce46f1fcbedde6919b6cd11

SHA1
3904ae810f73c106ef90476a2245962ea9154095

SHA256
e60530ca88494b2999ee7b9b769f64f001c88d9ceeb21eb787b1612a225876cb

SHA512
00c0bebbaeec4b9869c533c43eef51f101b633aa39e4c004b3a014bbde5b1050047430b422056ae46f2ca93414f65a87c7b6d7148a7511c9cf01b1ee5180b4ae

Download Submit
memory/548-112-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/660-93-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/748-226-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/784-141-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/944-83-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/1016-166-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1080-246-0x00000000003E0000-0x00000000003EA000-memory.dmp

Filesize
40KB

Download
memory/1124-149-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download
memory/1152-161-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1248-54-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/1348-73-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/1368-157-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1388-235-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1536-159-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1560-244-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1596-118-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/1600-212-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/1644-233-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download
memory/1676-145-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/1676-146-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/1820-137-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/1908-151-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download
memory/1908-152-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download
memory/1980-203-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/2020-154-0x00000000001C0000-0x00000000001CA000-memory.dmp

Filesize
40KB

Download
memory/2028-49-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/2028-48-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/2044-116-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/2064-196-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2080-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2080-16-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/2156-68-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2156-64-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2196-59-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2224-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2224-9-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2224-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2256-214-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download
memory/2260-206-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2320-110-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/2360-42-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/2416-128-0x0000000000230000-0x000000000023A000-memory.dmp

Filesize
40KB

Download
memory/2448-253-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/2496-120-0x00000000002E0000-0x00000000002EA000-memory.dmp

Filesize
40KB

Download
memory/2564-179-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/2592-220-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/2620-38-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2712-122-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/2800-125-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2856-114-0x0000000000260000-0x000000000026A000-memory.dmp

Filesize
40KB

Download
memory/2896-78-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download
memory/2984-21-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3008-108-0x00000000001F0000-0x00000000001FA000-memory.dmp

Filesize
40KB

Download
memory/3028-164-0x0000000000270000-0x000000000027A000-memory.dmp

Filesize
40KB

Download