65d41a6f6d43aa558c8072eec9312740678331e42642097927c162e9f9a1964f

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe
Size

304KB
MD5

2c7fa56ba7147c6f42a0d830bf451ab0
SHA1

4fb2c593956d5e1f7069979a1d27a0db30a2cf63
SHA256

65d41a6f6d43aa558c8072eec9312740678331e42642097927c162e9f9a1964f
SHA512

d21bc4528c16220f349025a34521019815a7563815d102a2edfbdb39a69db87fdb1d24dbc0335e9e36e028a19429cfcb15878eb6238d681c2081fe44417030d1
SSDEEP

3072:ntwizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOylqwMykw+imi5nMx6:Nuj8NDF3OR9/Qe2HdJ8pSf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2932	casino_extensions.exe
3712	Casino_ext.exe
2352	casino_extensions.exe
628	Casino_ext.exe
3692	casino_extensions.exe
2232	Casino_ext.exe
32	casino_extensions.exe
212	Casino_ext.exe
2284	casino_extensions.exe
1920	Casino_ext.exe
844	casino_extensions.exe
4440	Casino_ext.exe
4760	casino_extensions.exe
1716	Casino_ext.exe
1556	casino_extensions.exe
3304	Casino_ext.exe
2572	casino_extensions.exe
5092	Casino_ext.exe
1552	casino_extensions.exe
5036	casino_extensions.exe
1264	casino_extensions.exe
2476	Casino_ext.exe
1472	casino_extensions.exe
4516	Casino_ext.exe
3148	casino_extensions.exe
3196	Casino_ext.exe
1400	casino_extensions.exe
2744	Casino_ext.exe
1016	casino_extensions.exe
4824	Casino_ext.exe
1012	casino_extensions.exe
2148	Casino_ext.exe
3180	casino_extensions.exe
4852	Casino_ext.exe
4340	casino_extensions.exe
4632	Casino_ext.exe
1676	casino_extensions.exe
1276	Casino_ext.exe
3004	casino_extensions.exe
1832	Casino_ext.exe
4228	casino_extensions.exe
3956	Casino_ext.exe
4468	casino_extensions.exe
1848	Casino_ext.exe
3768	casino_extensions.exe
3724	Casino_ext.exe
1928	casino_extensions.exe
1164	Casino_ext.exe
1808	svchost.exe
1788	Casino_ext.exe
628	casino_extensions.exe
676	Casino_ext.exe
2232	casino_extensions.exe
1304	Casino_ext.exe
3212	casino_extensions.exe
224	Casino_ext.exe
1484	casino_extensions.exe
1368	Casino_ext.exe
1704	LiveMessageCenter.exe
2956	Casino_ext.exe
5080	Casino_ext.exe
1556	casino_extensions.exe
4604	Casino_ext.exe
3880	casino_extensions.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3712	Casino_ext.exe
3712	Casino_ext.exe
628	Casino_ext.exe
628	Casino_ext.exe
2232	Casino_ext.exe
2232	Casino_ext.exe
212	Casino_ext.exe
212	Casino_ext.exe
1920	Casino_ext.exe
1920	Casino_ext.exe
4440	Casino_ext.exe
4440	Casino_ext.exe
1716	Casino_ext.exe
1716	Casino_ext.exe
3304	Casino_ext.exe
3304	Casino_ext.exe
5092	Casino_ext.exe
5092	Casino_ext.exe
5036	casino_extensions.exe
5036	casino_extensions.exe
2476	Casino_ext.exe
2476	Casino_ext.exe
4516	Casino_ext.exe
4516	Casino_ext.exe
3196	Casino_ext.exe
3196	Casino_ext.exe
2744	Casino_ext.exe
2744	Casino_ext.exe
4824	Casino_ext.exe
4824	Casino_ext.exe
2148	Casino_ext.exe
2148	Casino_ext.exe
4852	Casino_ext.exe
4852	Casino_ext.exe
4632	Casino_ext.exe
4632	Casino_ext.exe
1276	Casino_ext.exe
1276	Casino_ext.exe
1832	Casino_ext.exe
1832	Casino_ext.exe
3956	Casino_ext.exe
3956	Casino_ext.exe
1848	Casino_ext.exe
1848	Casino_ext.exe
3724	Casino_ext.exe
3724	Casino_ext.exe
1164	Casino_ext.exe
1164	Casino_ext.exe
1788	Casino_ext.exe
1788	Casino_ext.exe
676	Casino_ext.exe
676	Casino_ext.exe
1304	Casino_ext.exe
1304	Casino_ext.exe
224	Casino_ext.exe
224	Casino_ext.exe
1368	Casino_ext.exe
1368	Casino_ext.exe
1704	LiveMessageCenter.exe
1704	LiveMessageCenter.exe
5080	Casino_ext.exe
5080	Casino_ext.exe
4604	Casino_ext.exe
4604	Casino_ext.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4840	NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1164	4840	NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe	84
PID 4840 wrote to memory of 1164	4840	NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe	84
PID 4840 wrote to memory of 1164	4840	NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe	84
PID 1164 wrote to memory of 2932	1164	casino_extensions.exe	85
PID 1164 wrote to memory of 2932	1164	casino_extensions.exe	85
PID 1164 wrote to memory of 2932	1164	casino_extensions.exe	85
PID 2932 wrote to memory of 3712	2932	casino_extensions.exe	86
PID 2932 wrote to memory of 3712	2932	casino_extensions.exe	86
PID 2932 wrote to memory of 3712	2932	casino_extensions.exe	86
PID 3712 wrote to memory of 2576	3712	Casino_ext.exe	87
PID 3712 wrote to memory of 2576	3712	Casino_ext.exe	87
PID 3712 wrote to memory of 2576	3712	Casino_ext.exe	87
PID 2576 wrote to memory of 2352	2576	casino_extensions.exe	88
PID 2576 wrote to memory of 2352	2576	casino_extensions.exe	88
PID 2576 wrote to memory of 2352	2576	casino_extensions.exe	88
PID 2352 wrote to memory of 628	2352	casino_extensions.exe	89
PID 2352 wrote to memory of 628	2352	casino_extensions.exe	89
PID 2352 wrote to memory of 628	2352	casino_extensions.exe	89
PID 628 wrote to memory of 396	628	Casino_ext.exe	90
PID 628 wrote to memory of 396	628	Casino_ext.exe	90
PID 628 wrote to memory of 396	628	Casino_ext.exe	90
PID 396 wrote to memory of 3692	396	casino_extensions.exe	91
PID 396 wrote to memory of 3692	396	casino_extensions.exe	91
PID 396 wrote to memory of 3692	396	casino_extensions.exe	91
PID 3692 wrote to memory of 2232	3692	casino_extensions.exe	92
PID 3692 wrote to memory of 2232	3692	casino_extensions.exe	92
PID 3692 wrote to memory of 2232	3692	casino_extensions.exe	92
PID 2232 wrote to memory of 312	2232	Casino_ext.exe	93
PID 2232 wrote to memory of 312	2232	Casino_ext.exe	93
PID 2232 wrote to memory of 312	2232	Casino_ext.exe	93
PID 312 wrote to memory of 32	312	casino_extensions.exe	94
PID 312 wrote to memory of 32	312	casino_extensions.exe	94
PID 312 wrote to memory of 32	312	casino_extensions.exe	94
PID 32 wrote to memory of 212	32	casino_extensions.exe	95
PID 32 wrote to memory of 212	32	casino_extensions.exe	95
PID 32 wrote to memory of 212	32	casino_extensions.exe	95
PID 212 wrote to memory of 760	212	Casino_ext.exe	96
PID 212 wrote to memory of 760	212	Casino_ext.exe	96
PID 212 wrote to memory of 760	212	Casino_ext.exe	96
PID 760 wrote to memory of 2284	760	casino_extensions.exe	97
PID 760 wrote to memory of 2284	760	casino_extensions.exe	97
PID 760 wrote to memory of 2284	760	casino_extensions.exe	97
PID 2284 wrote to memory of 1920	2284	casino_extensions.exe	98
PID 2284 wrote to memory of 1920	2284	casino_extensions.exe	98
PID 2284 wrote to memory of 1920	2284	casino_extensions.exe	98
PID 1920 wrote to memory of 3688	1920	Casino_ext.exe	99
PID 1920 wrote to memory of 3688	1920	Casino_ext.exe	99
PID 1920 wrote to memory of 3688	1920	Casino_ext.exe	99
PID 3688 wrote to memory of 844	3688	casino_extensions.exe	100
PID 3688 wrote to memory of 844	3688	casino_extensions.exe	100
PID 3688 wrote to memory of 844	3688	casino_extensions.exe	100
PID 844 wrote to memory of 4440	844	casino_extensions.exe	102
PID 844 wrote to memory of 4440	844	casino_extensions.exe	102
PID 844 wrote to memory of 4440	844	casino_extensions.exe	102
PID 4440 wrote to memory of 2956	4440	Casino_ext.exe	103
PID 4440 wrote to memory of 2956	4440	Casino_ext.exe	103
PID 4440 wrote to memory of 2956	4440	Casino_ext.exe	103
PID 2956 wrote to memory of 4760	2956	casino_extensions.exe	104
PID 2956 wrote to memory of 4760	2956	casino_extensions.exe	104
PID 2956 wrote to memory of 4760	2956	casino_extensions.exe	104
PID 4760 wrote to memory of 1716	4760	casino_extensions.exe	105
PID 4760 wrote to memory of 1716	4760	casino_extensions.exe	105
PID 4760 wrote to memory of 1716	4760	casino_extensions.exe	105
PID 1716 wrote to memory of 3940	1716	Casino_ext.exe	106

C:\Users\Admin\AppData\Local\Temp\NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2c7fa56ba7147c6f42a0d830bf451ab0.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
  "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1164
- - C:\Windows\SysWOW64\casino_extensions.exe
    C:\Windows\system32\casino_extensions.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Windows\SysWOW64\Casino_ext.exe
      C:\Windows\SysWOW64\Casino_ext.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3712
    - - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2576
      - C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2352
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:396
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2232
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:312
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:32
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        13⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:212
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        15⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:2284
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        16⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1920
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:3688
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        19⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        20⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        22⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        23⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        24⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        25⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        26⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        27⤵
        Executes dropped EXE
        
        PID:2572
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        28⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5092
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        29⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        30⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        31⤵
        
        PID:5036
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        32⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        33⤵
        Executes dropped EXE
        
        PID:1264
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        34⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2476
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        35⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        31⤵
        
        PID:4700
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        32⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        33⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        34⤵
        
        PID:2688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        35⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        36⤵
        
        PID:672
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        37⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        38⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        39⤵
        
        PID:3820
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        40⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        41⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        42⤵
        
        PID:804
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        43⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        44⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        45⤵
        
        PID:4792
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        46⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        47⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        48⤵
        
        PID:1752
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        49⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        50⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        51⤵
        
        PID:3272
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        52⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        53⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        54⤵
        
        PID:2560
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        55⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        56⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        57⤵
        
        PID:4276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        58⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        59⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        60⤵
        
        PID:3504
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        61⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        62⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        63⤵
        
        PID:1828
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        64⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        65⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        66⤵
        
        PID:3564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        67⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        68⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        69⤵
        
        PID:4244
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        70⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        71⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        72⤵
        
        PID:1412
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        73⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        74⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        75⤵
        
        PID:1148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        76⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        77⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        78⤵
        
        PID:2024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        79⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        80⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        81⤵
        
        PID:4016
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        82⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        83⤵
        Drops file in System32 directory
        
        PID:4916
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        84⤵
        
        PID:760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        85⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        86⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        87⤵
        
        PID:4440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        88⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        89⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        90⤵
        
        PID:1484
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        91⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        92⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        93⤵
        
        PID:2572
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        94⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        95⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        96⤵
        
        PID:1924
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        97⤵
        Drops file in Program Files directory
        
        PID:4140
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        98⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        99⤵
        
        PID:5008
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        100⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        101⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        102⤵
        
        PID:3148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        103⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        104⤵
        
        PID:2688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        105⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        106⤵
        
        PID:672
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        107⤵
        
        PID:4196
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        108⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        109⤵
        Drops file in Program Files directory
        
        PID:2500
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        110⤵
        
        PID:3964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        111⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        112⤵
        
        PID:804
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        113⤵
        
        PID:4556
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        114⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        115⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        116⤵
        
        PID:740
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        117⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        118⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        119⤵
        
        PID:4752
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        120⤵
        
        PID:832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        121⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        122⤵
        
        PID:3272
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        123⤵
        
        PID:764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        124⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        125⤵
        
        PID:4716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        126⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        127⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        128⤵
        
        PID:4764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        129⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        130⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        131⤵
        
        PID:1732
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        132⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        133⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        134⤵
        
        PID:1848
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        135⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        136⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        137⤵
        
        PID:4192
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        138⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        139⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        140⤵
        
        PID:3728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        141⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        142⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        143⤵
        
        PID:1164
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        144⤵
        Drops file in System32 directory
        
        PID:3764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        145⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        146⤵
        
        PID:4640
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        147⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        148⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        149⤵
        
        PID:4272
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        150⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        151⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        152⤵
        
        PID:224
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        153⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        154⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        155⤵
        
        PID:2284
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        156⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        157⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        158⤵
        
        PID:4120
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        159⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        160⤵
        
        PID:408
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        161⤵
        
        PID:1264
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        162⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        163⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        164⤵
        
        PID:4728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        165⤵
        Drops file in Program Files directory
        
        PID:5008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        166⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        167⤵
        
        PID:4700
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        168⤵
        Drops file in System32 directory
        
        PID:3148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        169⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        170⤵
        Drops file in System32 directory
        
        PID:3660
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        171⤵
        Drops file in System32 directory
        
        PID:4220
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        172⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        173⤵
        
        PID:672
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        174⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        175⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        176⤵
        
        PID:3964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        177⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        178⤵
        Drops file in Program Files directory
        
        PID:4432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        179⤵
        
        PID:804
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        180⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        181⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        182⤵
        
        PID:3524
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        183⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        184⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        185⤵
        
        PID:2396
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        186⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        187⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        188⤵
        
        PID:984
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        189⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        190⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        191⤵
        
        PID:4992
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        192⤵
        Drops file in System32 directory
        
        PID:3016
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        193⤵
        
        PID:832
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        194⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        195⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        196⤵
        
        PID:4716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        197⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        198⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        199⤵
        
        PID:3044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        200⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        201⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        202⤵
        
        PID:4360
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        203⤵
        
        PID:400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        204⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        205⤵
        
        PID:4956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        206⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        207⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        208⤵
        
        PID:4268
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        209⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        210⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        211⤵
        
        PID:2020
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        212⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        213⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        214⤵
        
        PID:3336
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        215⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        216⤵
        
        PID:32
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        217⤵
        
        PID:4916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        218⤵
        
        PID:628
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        219⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        220⤵
        
        PID:2096
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        221⤵
        
        PID:996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        222⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        223⤵
        Drops file in System32 directory
        
        PID:3816
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        224⤵
        Drops file in System32 directory
        
        PID:4456
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        225⤵
        Drops file in Program Files directory
        
        PID:4376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        226⤵
        
        PID:4508
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        227⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        228⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        229⤵
        
        PID:4136
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        230⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        231⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        232⤵
        
        PID:2520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        233⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        234⤵
        
        PID:1244
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        235⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        236⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        237⤵
        
        PID:1608
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        238⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        239⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        240⤵
        
        PID:3820
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        241⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        242⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        243⤵
        
        PID:1600
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        244⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        245⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        246⤵
        
        PID:380
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        247⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        248⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        249⤵
        
        PID:4824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        250⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        251⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        252⤵
        
        PID:1404
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        253⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        254⤵
        Drops file in Program Files directory
        
        PID:1184
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        255⤵
        
        PID:3056
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        256⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        257⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        258⤵
        
        PID:2964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        259⤵
        Drops file in System32 directory
        
        PID:1032
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        260⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        261⤵
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        262⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        263⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        264⤵
        
        PID:3272
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        265⤵
        Drops file in System32 directory
        
        PID:2288
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        266⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        267⤵
        
        PID:1916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        268⤵
        Drops file in System32 directory
        
        PID:4720
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        269⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        270⤵
        
        PID:5004
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        271⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        272⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        273⤵
        
        PID:4664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        274⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        275⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        276⤵
        Drops file in System32 directory
        
        PID:1828
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        277⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        278⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        279⤵
        
        PID:2624
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        280⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        281⤵
        
        PID:852
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        282⤵
        
        PID:1148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        283⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        284⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        285⤵
        
        PID:2024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        286⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        287⤵
        
        PID:760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        288⤵
        
        PID:3980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        289⤵
        
        PID:864
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        290⤵
        
        PID:628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        291⤵
        
        PID:2684
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        292⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        293⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        294⤵
        
        PID:4008
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        295⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        296⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        297⤵
        
        PID:2260
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        298⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        299⤵
        Drops file in Program Files directory
        
        PID:4688
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        300⤵
        
        PID:1924
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        301⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        302⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        303⤵
        
        PID:2520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        304⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        305⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        306⤵
        
        PID:3024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        307⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        308⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        309⤵
        
        PID:1608
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        310⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        311⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        312⤵
        
        PID:2996
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        313⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        314⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        315⤵
        
        PID:4396
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        316⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        317⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        318⤵
        
        PID:3616
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        319⤵
        
        PID:672
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        320⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        321⤵
        
        PID:4988
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        322⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        323⤵
        Drops file in Program Files directory
        
        PID:4588
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        324⤵
        
        PID:804
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        325⤵
        
        PID:432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        326⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        327⤵
        
        PID:1404
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        328⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        329⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        330⤵
        
        PID:4076
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        331⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        332⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        333⤵
        
        PID:1436
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        334⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        335⤵
        
        PID:764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        336⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        337⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        338⤵
        Drops file in Program Files directory
        
        PID:5024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        339⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        340⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        341⤵
        
        PID:4764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        342⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        343⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        344⤵
        
        PID:3676
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        345⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        346⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        347⤵
        
        PID:3688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        348⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        349⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        350⤵
        
        PID:3416
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        351⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        352⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        353⤵
        
        PID:3824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        354⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        355⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        356⤵
        Drops file in Program Files directory
        
        PID:1384
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        357⤵
        Drops file in System32 directory
        
        PID:212
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        358⤵
        Drops file in Program Files directory
        
        PID:4016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        359⤵
        
        PID:3692
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        360⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        361⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        362⤵
        
        PID:3336
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        363⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        364⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        365⤵
        
        PID:2096
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        366⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        367⤵
        
        PID:844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        368⤵
        
        PID:3500
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        369⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        370⤵
        
        PID:220
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        371⤵
        
        PID:996
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        372⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        373⤵
        
        PID:684
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        374⤵
        
        PID:5080
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        375⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        376⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        377⤵
        
        PID:2152
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        378⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        379⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        380⤵
        
        PID:4728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        381⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        382⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        383⤵
        
        PID:2824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        384⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        385⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        386⤵
        
        PID:2912
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        387⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        388⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        389⤵
        
        PID:3148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        390⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        391⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        392⤵
        
        PID:4396
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        393⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        394⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        395⤵
        
        PID:3616
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        396⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        397⤵
        
        PID:380
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        398⤵
        
        PID:3904
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        399⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        400⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        401⤵
        
        PID:2148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        402⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        403⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        404⤵
        
        PID:3524
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        405⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        406⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        407⤵
        
        PID:3056
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        408⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        409⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        410⤵
        
        PID:2964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        411⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        412⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        413⤵
        
        PID:4628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        414⤵
        
        PID:764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        415⤵
        
        PID:832
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        416⤵
        
        PID:1940
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        417⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        418⤵
        
        PID:4716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        419⤵
        Drops file in System32 directory
        
        PID:2664
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        420⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        421⤵
        
        PID:4228
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        422⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        423⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        424⤵
        
        PID:4244
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        425⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        426⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        427⤵
        
        PID:1532
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        428⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        429⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        430⤵
        
        PID:2624
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        431⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        432⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        433⤵
        
        PID:3728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        434⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        435⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        436⤵
        
        PID:4452
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        437⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        438⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        439⤵
        
        PID:3980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        440⤵
        
        PID:32
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        441⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        442⤵
        
        PID:4248
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        443⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        444⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        445⤵
        
        PID:4376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        446⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        447⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        448⤵
        
        PID:3332
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        449⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        450⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        451⤵
        
        PID:2468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        452⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        453⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        454⤵
        
        PID:2312
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        455⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        456⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        457⤵
        
        PID:1244
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        458⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        459⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        460⤵
        
        PID:1900
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        461⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        462⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        463⤵
        
        PID:2656
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        464⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        465⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        466⤵
        
        PID:3068
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        467⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        468⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        469⤵
        
        PID:3964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        470⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        471⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        472⤵
        
        PID:4196
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        473⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        474⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        475⤵
        
        PID:4556
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        476⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        477⤵
        
        PID:804
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        478⤵
        
        PID:4976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        479⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        480⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        481⤵
        
        PID:1184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        482⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        483⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        484⤵
        
        PID:1436
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        485⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        486⤵
        
        PID:3940
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        487⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        488⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        489⤵
        
        PID:4168
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        490⤵
        
        PID:832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        491⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        492⤵
        
        PID:2560
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        493⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        494⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        495⤵
        
        PID:4764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        496⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        497⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        498⤵
        
        PID:4360
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        499⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        500⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        501⤵
        
        PID:4344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        502⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        503⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        504⤵
        
        PID:1304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        505⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        506⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        507⤵
        
        PID:4640
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        508⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        509⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        510⤵
        
        PID:1920
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        511⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        512⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        513⤵
        
        PID:2024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        514⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        515⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        516⤵
        
        PID:1972
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        517⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        518⤵
        Drops file in Program Files directory
        
        PID:4120
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        519⤵
        
        PID:2684
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        520⤵
        
        PID:996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        521⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        522⤵
        
        PID:1924
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        523⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        524⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        525⤵
        
        PID:1552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        526⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        527⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        528⤵
        Drops file in Program Files directory
        
        PID:2152
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        529⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        530⤵
        
        PID:2760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        531⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        532⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        533⤵
        
        PID:2988
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        534⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        535⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        536⤵
        
        PID:4416
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        537⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        538⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        539⤵
        
        PID:3436
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        540⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        541⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        542⤵
        
        PID:5040
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        543⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        544⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        545⤵
        
        PID:3076
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        546⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        547⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        548⤵
        
        PID:3716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        549⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        550⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        551⤵
        
        PID:4824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        552⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        553⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        554⤵
        
        PID:1800
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        555⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        556⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        557⤵
        
        PID:4152
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        558⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        559⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        560⤵
        
        PID:4520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        561⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        562⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        563⤵
        
        PID:2368
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        564⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        565⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        566⤵
        
        PID:2664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        567⤵
        
        PID:832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        568⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        569⤵
        
        PID:4228
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        570⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        571⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        572⤵
        
        PID:4340
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        573⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        574⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        575⤵
        
        PID:852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        576⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        577⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        578⤵
        
        PID:2020
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        579⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        580⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        581⤵
        
        PID:3692
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        582⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        583⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        584⤵
        
        PID:760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        585⤵
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        586⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        587⤵
        
        PID:4652
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        588⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        589⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        590⤵
        
        PID:2180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        591⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        592⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        593⤵
        
        PID:220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        594⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        595⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        596⤵
        
        PID:4960
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        597⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        598⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        599⤵
        
        PID:4552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        600⤵
        Drops file in System32 directory
        
        PID:5080
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        601⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        602⤵
        
        PID:4404
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        603⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        604⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        605⤵
        
        PID:4840
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        606⤵
        Drops file in System32 directory
        
        PID:2760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        607⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        608⤵
        
        PID:3960
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        609⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        610⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        611⤵
        
        PID:2984
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        612⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        613⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        614⤵
        
        PID:3068
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        615⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        616⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        617⤵
        
        PID:2688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        618⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        619⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        620⤵
        
        PID:4912
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        621⤵
        Drops file in System32 directory
        
        PID:2500
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        622⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        623⤵
        
        PID:4816
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        624⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        625⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        626⤵
        
        PID:804
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        627⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        628⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        629⤵
        
        PID:1184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        630⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        631⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        632⤵
        
        PID:3272
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        633⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        634⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        635⤵
        
        PID:1436
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        636⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        637⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        638⤵
        
        PID:3676
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        639⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        640⤵
        Drops file in Program Files directory
        
        PID:4720
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        641⤵
        
        PID:2560
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        642⤵
        Drops file in System32 directory
        
        PID:4024
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        643⤵
        Drops file in Program Files directory
        
        PID:3920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        644⤵
        
        PID:4244
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        645⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        646⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        647⤵
        
        PID:4276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        648⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        649⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        650⤵
        
        PID:3636
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        651⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        652⤵
        
        PID:676
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        653⤵
        
        PID:4184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        654⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        655⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        656⤵
        
        PID:4268
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        657⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        658⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        659⤵
        
        PID:864
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        660⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        661⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        662⤵
        
        PID:2720
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        663⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        664⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        665⤵
        
        PID:2744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        666⤵
        Drops file in System32 directory
        
        PID:4708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        667⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        668⤵
        
        PID:2180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        669⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        670⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        671⤵
        
        PID:3500
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        672⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        673⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        674⤵
        
        PID:3080
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        675⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        676⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        677⤵
        Drops file in Program Files directory
        
        PID:2104
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        678⤵
        Drops file in System32 directory
        
        PID:2520
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        679⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        680⤵
        
        PID:2152
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        681⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        682⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        683⤵
        
        PID:2840
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        684⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        685⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        686⤵
        
        PID:1700
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        687⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        688⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        689⤵
        
        PID:2656
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        690⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        691⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        692⤵
        
        PID:3428
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        693⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        694⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        695⤵
        
        PID:3964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        696⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        697⤵
        
        PID:672
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        698⤵
        
        PID:4648
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        699⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        700⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        701⤵
        
        PID:984
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        702⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        703⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        704⤵
        
        PID:4724
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        705⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        706⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        707⤵
        
        PID:3016
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        708⤵
        Drops file in System32 directory
        
        PID:2264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        709⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        710⤵
        
        PID:1680
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        711⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        712⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        713⤵
        
        PID:4992
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        714⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        715⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        716⤵
        
        PID:4880
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        717⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        718⤵
        
        PID:2916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        719⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        720⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        721⤵
        
        PID:2560
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        722⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        723⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        724⤵
        
        PID:4108
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        725⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        726⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        727⤵
        
        PID:1828
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        728⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        729⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        730⤵
        
        PID:4184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        731⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        732⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        733⤵
        
        PID:4268
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        734⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        735⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        736⤵
        
        PID:864
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        737⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        738⤵
        
        PID:32
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        739⤵
        
        PID:1512
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        740⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        741⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        742⤵
        
        PID:4204
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        743⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        744⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        745⤵
        
        PID:2956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        746⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        747⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        748⤵
        
        PID:4748
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        749⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        750⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        751⤵
        
        PID:1924
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        752⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        753⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        754⤵
        
        PID:4040
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        755⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        756⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        757⤵
        
        PID:1596
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        758⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        759⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        760⤵
        
        PID:4140
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        761⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        762⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        763⤵
        
        PID:740
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        764⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        765⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        766⤵
        
        PID:5020
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        767⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        768⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        769⤵
        
        PID:3964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        770⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        771⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        772⤵
        
        PID:4148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        773⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        774⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        775⤵
        
        PID:3180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        776⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        777⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        778⤵
        
        PID:2276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        779⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        780⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        781⤵
        
        PID:3016
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        782⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        783⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        784⤵
        
        PID:4500
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        785⤵
        
        PID:764
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        786⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        787⤵
        
        PID:4992
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        788⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        789⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        790⤵
        
        PID:1732
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        791⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        792⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        793⤵
        
        PID:4956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        794⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        795⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        796⤵
        
        PID:4332
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        797⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        798⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        799⤵
        
        PID:5044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        800⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        801⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        802⤵
        
        PID:2576
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        803⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        804⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        805⤵
        
        PID:3336
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        806⤵
        
        PID:4916

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
PID:1472
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    PID:4040
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      Executes dropped EXE
      PID:3148
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3196
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        Drops file in System32 directory
        
        PID:4596
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        7⤵
        Executes dropped EXE
        
        PID:1400
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2744
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        9⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        10⤵
        Executes dropped EXE
        
        PID:1016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        11⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        12⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        13⤵
        Executes dropped EXE
        
        PID:1012

C:\Windows\SysWOW64\Casino_ext.exe
C:\Windows\SysWOW64\Casino_ext.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2148
- C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
  "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
  2⤵
  PID:2444

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
- Executes dropped EXE
PID:3180
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  PID:4852
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    PID:4816
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      Executes dropped EXE
      PID:4340
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4632
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        7⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        9⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        10⤵
        Executes dropped EXE
        
        PID:3004
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        11⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1832
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        12⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        13⤵
        Executes dropped EXE
        
        PID:4228
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        14⤵
        
        PID:3956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        15⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        16⤵
        Executes dropped EXE
        
        PID:4468
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        17⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1848
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        18⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        19⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        20⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3724
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        21⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        22⤵
        Executes dropped EXE
        
        PID:1928
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        23⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1164
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        24⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        25⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        26⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1788
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        27⤵
        Drops file in System32 directory
        
        PID:4640
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        28⤵
        Executes dropped EXE
        
        PID:628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        29⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:676
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        30⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        31⤵
        Executes dropped EXE
        
        PID:2232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        32⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        33⤵
        
        PID:32
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        34⤵
        Executes dropped EXE
        
        PID:3212
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        35⤵
        
        PID:224
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        36⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        37⤵
        Executes dropped EXE
        
        PID:1484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        38⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1368
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        39⤵
        Drops file in System32 directory
        
        PID:3996
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe /part2
        40⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1704
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        41⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        42⤵
        Suspicious use of WriteProcessMemory
        
        PID:2956
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        43⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5080
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        44⤵
        
        PID:408

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
- Executes dropped EXE
PID:1556
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    PID:4204
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      Executes dropped EXE
      PID:3880
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        
        PID:1924
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5036
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        8⤵
        
        PID:2152
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        9⤵
        Drops file in System32 directory
        
        PID:1244
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        10⤵
        
        PID:788
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        11⤵
        
        PID:3616
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        12⤵
        Executes dropped EXE
        
        PID:1472
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        13⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        14⤵
        
        PID:1208
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        15⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        16⤵
        
        PID:380
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        17⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        18⤵
        
        PID:432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        19⤵
        
        PID:912
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        20⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        21⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        22⤵
        
        PID:4556
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        23⤵
        Drops file in System32 directory
        
        PID:1800
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        24⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        25⤵
        
        PID:2752
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        26⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        27⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        28⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        29⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        30⤵
        
        PID:4024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        31⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        32⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        33⤵
        
        PID:3084
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        34⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        35⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        36⤵
        
        PID:3720
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        37⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        38⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        39⤵
        
        PID:3804
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        40⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        41⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        42⤵
        
        PID:2664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        43⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        44⤵
        Drops file in Program Files directory
        
        PID:4704
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        45⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        46⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        47⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        48⤵
        
        PID:3824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        49⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        50⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        51⤵
        
        PID:4108
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        52⤵
        Executes dropped EXE
        
        PID:3768
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        53⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        54⤵
        
        PID:3712
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        55⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        56⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        57⤵
        
        PID:2576
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        58⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        59⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        60⤵
        
        PID:1364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        61⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        62⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        63⤵
        
        PID:4756
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        64⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        65⤵
        Drops file in Program Files directory
        
        PID:1624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        66⤵
        
        PID:3332
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        67⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        68⤵
        
        PID:844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        69⤵
        
        PID:3500
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        70⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        71⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        72⤵
        Executes dropped EXE
        
        PID:2956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        73⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        74⤵
        
        PID:4140
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        75⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        76⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        77⤵
        Drops file in Program Files directory
        
        PID:684
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        78⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        79⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        80⤵
        
        PID:2688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        81⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        82⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        83⤵
        
        PID:788
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        84⤵
        
        PID:392
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        85⤵
        
        PID:4388
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        86⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        87⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        88⤵
        
        PID:3468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        89⤵
        
        PID:380
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        90⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        91⤵
        
        PID:4444
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        92⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        93⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        94⤵
        
        PID:3524
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        95⤵
        
        PID:912
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        96⤵
        
        PID:216
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        97⤵
        
        PID:4556
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        98⤵
        
        PID:4392

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
- Drops file in System32 directory
PID:4040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
- Executes dropped EXE
PID:1808

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
PID:3272
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  PID:1652
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    PID:2752
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      PID:2560
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        
        PID:4180
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        7⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        8⤵
        
        PID:4764
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        9⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        10⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        11⤵
        
        PID:4636
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        12⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        13⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        14⤵
        
        PID:1256
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        15⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        16⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        17⤵
        
        PID:2456
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        18⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        19⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        20⤵
        
        PID:4956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        21⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        22⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        23⤵
        
        PID:4468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        24⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        25⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        26⤵
        
        PID:1148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        27⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        28⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        29⤵
        
        PID:3728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        30⤵
        
        PID:852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        31⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        32⤵
        
        PID:1312
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        33⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        34⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        35⤵
        
        PID:628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        36⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        37⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        38⤵
        
        PID:2452
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        39⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        40⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        41⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:224
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        42⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        43⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        44⤵
        
        PID:4960
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        45⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        46⤵
        
        PID:844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        47⤵
        
        PID:4120
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        48⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        49⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        50⤵
        
        PID:4728
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        51⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        52⤵
        
        PID:1552

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:4444

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv LQ6Aa9bPx02sYXtqbcq27g.0.2
1⤵
PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
317KB

MD5
475563e4b04d92244cf2da76de5a60a7

SHA1
5292c1f7e89f3831dc4f582ee66d27b6bf6c500d

SHA256
5fb6874d3e3c4eacdf41bb139f06397dd6da53af0326e63e1283244d91f7270b

SHA512
6932c99d5949387dbec9cca91ee9f5f126de7c8c197210491dd7e9430ef2f445f3bd7b4c48eb58efb19f06799b55ecda0ce08d33b70491632b5e32178758bf0f

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
317KB

MD5
475563e4b04d92244cf2da76de5a60a7

SHA1
5292c1f7e89f3831dc4f582ee66d27b6bf6c500d

SHA256
5fb6874d3e3c4eacdf41bb139f06397dd6da53af0326e63e1283244d91f7270b

SHA512
6932c99d5949387dbec9cca91ee9f5f126de7c8c197210491dd7e9430ef2f445f3bd7b4c48eb58efb19f06799b55ecda0ce08d33b70491632b5e32178758bf0f

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
314KB

MD5
300d2ed65c9d8c4ba8fb13eb6027941e

SHA1
2f4c8d5587b764b78c3debdd011067df5e82f019

SHA256
90d0e4c894b842f1284c7c662ee39c8408722caf885ee346f6070bd4b51d6126

SHA512
a9b0d01ff5c5536812e9fab8931e0b178062e7c4a4693bfcefdbec28daa8de49eb7c30cc1887ee48c67de5a4c9da7ff018dec4866308715f0a845fe246e262d2

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
313KB

MD5
52202df3ebc0414d92d865431424b893

SHA1
99f06e05ea503c96fd80d52eed65e1f779b39c4b

SHA256
00ceee121a8db8cee1c8632aadc3501c245cb931159921a49af8a5d68f7381e8

SHA512
6d7c728694abf4c40737ba23af3ee0f8381984cbc41210a7fd8e5acaa9965f6ace6ab19c8fbc9faaabb34732eccd9a7746f93d92a2dfb2673889a424ec95b42d

Download Submit