0b0c6853d206d79b61bcd4e9e77354fc35e488d97eac85c922379ce255f74061

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe
Size

344KB
MD5

6ba342f2c4e4d4dd340e31cdec53bf5c
SHA1

b2a53296661fb66d9e887cd94f2de7690d6af65b
SHA256

0b0c6853d206d79b61bcd4e9e77354fc35e488d97eac85c922379ce255f74061
SHA512

15bbdff2ddba5b2478fe48f1f424859a3dd68afe36858f7d55b4839e1b78eb770d4d4be2674a97ad209046f341746be46829a65e5af7795077217f53a5065103
SSDEEP

3072:WtwizQTj8CSUYf8W3nSjen++Bj88OZS0/Qe2HdOLlqw1aQBlZJZE+Xj:Kuj8NDF3OR9/Qe2HdklrBHJZEYj

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
852	casino_extensions.exe

Executes dropped EXE 64 IoCs

pid	Process
1956	casino_extensions.exe
2108	Casino_ext.exe
4504	casino_extensions.exe
1860	Casino_ext.exe
1392	casino_extensions.exe
2916	Casino_ext.exe
712	casino_extensions.exe
4896	Casino_ext.exe
2544	casino_extensions.exe
4240	Casino_ext.exe
3528	casino_extensions.exe
3140	Casino_ext.exe
1708	casino_extensions.exe
788	Casino_ext.exe
1348	casino_extensions.exe
3520	Casino_ext.exe
4664	casino_extensions.exe
4848	Casino_ext.exe
3760	casino_extensions.exe
4688	Casino_ext.exe
2968	casino_extensions.exe
3216	Casino_ext.exe
1108	casino_extensions.exe
4832	Casino_ext.exe
1312	casino_extensions.exe
1460	Casino_ext.exe
844	casino_extensions.exe
3220	Casino_ext.exe
2468	casino_extensions.exe
3908	Casino_ext.exe
4936	casino_extensions.exe
3056	Casino_ext.exe
2044	casino_extensions.exe
3720	casino_extensions.exe
4744	casino_extensions.exe
4588	casino_extensions.exe
5096	casino_extensions.exe
1092	Casino_ext.exe
4980	LiveMessageCenter.exe
2428	Casino_ext.exe
2800	Casino_ext.exe
3860	casino_extensions.exe
5012	casino_extensions.exe
4348	LiveMessageCenter.exe
3316	casino_extensions.exe
4344	Casino_ext.exe
2612	casino_extensions.exe
852	casino_extensions.exe
2712	casino_extensions.exe
4144	casino_extensions.exe
2432	Casino_ext.exe
636	casino_extensions.exe
4200	casino_extensions.exe
4604	Casino_ext.exe
4308	casino_extensions.exe
3048	LiveMessageCenter.exe
3484	casino_extensions.exe
4836	casino_extensions.exe
984	Casino_ext.exe
2716	casino_extensions.exe
3744	casino_extensions.exe
2108	Casino_ext.exe
4760	casino_extensions.exe
692	casino_extensions.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\LiveMessageCenter.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\casino_extensions.exe	casino_extensions.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	LiveMessageCenter.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Casino_ext.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\casino_extensions.exe	casino_extensions.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2108	Casino_ext.exe
2108	Casino_ext.exe
1860	Casino_ext.exe
1860	Casino_ext.exe
2916	Casino_ext.exe
2916	Casino_ext.exe
4896	Casino_ext.exe
4896	Casino_ext.exe
4240	Casino_ext.exe
4240	Casino_ext.exe
3140	Casino_ext.exe
3140	Casino_ext.exe
788	Casino_ext.exe
788	Casino_ext.exe
3520	Casino_ext.exe
3520	Casino_ext.exe
4848	Casino_ext.exe
4848	Casino_ext.exe
4688	Casino_ext.exe
4688	Casino_ext.exe
3216	Casino_ext.exe
3216	Casino_ext.exe
4832	Casino_ext.exe
4832	Casino_ext.exe
1460	Casino_ext.exe
1460	Casino_ext.exe
3220	Casino_ext.exe
3220	Casino_ext.exe
3908	Casino_ext.exe
3908	Casino_ext.exe
3056	Casino_ext.exe
3056	Casino_ext.exe
3720	casino_extensions.exe
3720	casino_extensions.exe
4588	casino_extensions.exe
4588	casino_extensions.exe
1092	Casino_ext.exe
1092	Casino_ext.exe
4980	LiveMessageCenter.exe
4980	LiveMessageCenter.exe
2800	Casino_ext.exe
2800	Casino_ext.exe
5012	casino_extensions.exe
5012	casino_extensions.exe
4348	LiveMessageCenter.exe
4348	LiveMessageCenter.exe
4344	Casino_ext.exe
4344	Casino_ext.exe
852	casino_extensions.exe
852	casino_extensions.exe
2432	Casino_ext.exe
2432	Casino_ext.exe
4604	Casino_ext.exe
4604	Casino_ext.exe
3048	LiveMessageCenter.exe
3048	LiveMessageCenter.exe
984	Casino_ext.exe
984	Casino_ext.exe
2108	Casino_ext.exe
2108	Casino_ext.exe
1860	Casino_ext.exe
1860	Casino_ext.exe
448	casino_extensions.exe
448	casino_extensions.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4836	NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2148	4836	NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe	83
PID 4836 wrote to memory of 2148	4836	NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe	83
PID 4836 wrote to memory of 2148	4836	NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe	83
PID 2148 wrote to memory of 1956	2148	casino_extensions.exe	84
PID 2148 wrote to memory of 1956	2148	casino_extensions.exe	84
PID 2148 wrote to memory of 1956	2148	casino_extensions.exe	84
PID 1956 wrote to memory of 2108	1956	casino_extensions.exe	85
PID 1956 wrote to memory of 2108	1956	casino_extensions.exe	85
PID 1956 wrote to memory of 2108	1956	casino_extensions.exe	85
PID 2108 wrote to memory of 692	2108	Casino_ext.exe	86
PID 2108 wrote to memory of 692	2108	Casino_ext.exe	86
PID 2108 wrote to memory of 692	2108	Casino_ext.exe	86
PID 692 wrote to memory of 4504	692	casino_extensions.exe	87
PID 692 wrote to memory of 4504	692	casino_extensions.exe	87
PID 692 wrote to memory of 4504	692	casino_extensions.exe	87
PID 4504 wrote to memory of 1860	4504	casino_extensions.exe	88
PID 4504 wrote to memory of 1860	4504	casino_extensions.exe	88
PID 4504 wrote to memory of 1860	4504	casino_extensions.exe	88
PID 1860 wrote to memory of 988	1860	Casino_ext.exe	89
PID 1860 wrote to memory of 988	1860	Casino_ext.exe	89
PID 1860 wrote to memory of 988	1860	Casino_ext.exe	89
PID 988 wrote to memory of 1392	988	casino_extensions.exe	90
PID 988 wrote to memory of 1392	988	casino_extensions.exe	90
PID 988 wrote to memory of 1392	988	casino_extensions.exe	90
PID 1392 wrote to memory of 2916	1392	casino_extensions.exe	91
PID 1392 wrote to memory of 2916	1392	casino_extensions.exe	91
PID 1392 wrote to memory of 2916	1392	casino_extensions.exe	91
PID 2916 wrote to memory of 3608	2916	Casino_ext.exe	92
PID 2916 wrote to memory of 3608	2916	Casino_ext.exe	92
PID 2916 wrote to memory of 3608	2916	Casino_ext.exe	92
PID 3608 wrote to memory of 712	3608	casino_extensions.exe	93
PID 3608 wrote to memory of 712	3608	casino_extensions.exe	93
PID 3608 wrote to memory of 712	3608	casino_extensions.exe	93
PID 712 wrote to memory of 4896	712	casino_extensions.exe	95
PID 712 wrote to memory of 4896	712	casino_extensions.exe	95
PID 712 wrote to memory of 4896	712	casino_extensions.exe	95
PID 4896 wrote to memory of 4728	4896	Casino_ext.exe	96
PID 4896 wrote to memory of 4728	4896	Casino_ext.exe	96
PID 4896 wrote to memory of 4728	4896	Casino_ext.exe	96
PID 4728 wrote to memory of 2544	4728	casino_extensions.exe	97
PID 4728 wrote to memory of 2544	4728	casino_extensions.exe	97
PID 4728 wrote to memory of 2544	4728	casino_extensions.exe	97
PID 2544 wrote to memory of 4240	2544	casino_extensions.exe	98
PID 2544 wrote to memory of 4240	2544	casino_extensions.exe	98
PID 2544 wrote to memory of 4240	2544	casino_extensions.exe	98
PID 4240 wrote to memory of 4392	4240	Casino_ext.exe	99
PID 4240 wrote to memory of 4392	4240	Casino_ext.exe	99
PID 4240 wrote to memory of 4392	4240	Casino_ext.exe	99
PID 4392 wrote to memory of 3528	4392	casino_extensions.exe	100
PID 4392 wrote to memory of 3528	4392	casino_extensions.exe	100
PID 4392 wrote to memory of 3528	4392	casino_extensions.exe	100
PID 3528 wrote to memory of 3140	3528	casino_extensions.exe	101
PID 3528 wrote to memory of 3140	3528	casino_extensions.exe	101
PID 3528 wrote to memory of 3140	3528	casino_extensions.exe	101
PID 3140 wrote to memory of 1008	3140	Casino_ext.exe	102
PID 3140 wrote to memory of 1008	3140	Casino_ext.exe	102
PID 3140 wrote to memory of 1008	3140	Casino_ext.exe	102
PID 1008 wrote to memory of 1708	1008	casino_extensions.exe	103
PID 1008 wrote to memory of 1708	1008	casino_extensions.exe	103
PID 1008 wrote to memory of 1708	1008	casino_extensions.exe	103
PID 1708 wrote to memory of 788	1708	casino_extensions.exe	104
PID 1708 wrote to memory of 788	1708	casino_extensions.exe	104
PID 1708 wrote to memory of 788	1708	casino_extensions.exe	104
PID 788 wrote to memory of 248	788	Casino_ext.exe	106

C:\Users\Admin\AppData\Local\Temp\NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6ba342f2c4e4d4dd340e31cdec53bf5c_JC.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
  "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Windows\SysWOW64\casino_extensions.exe
    C:\Windows\system32\casino_extensions.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Windows\SysWOW64\Casino_ext.exe
      C:\Windows\SysWOW64\Casino_ext.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2108
    - - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        5⤵
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:692
      - C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4504
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1860
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:988
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1392
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2916
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:3608
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:712
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        13⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4896
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4728
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2544
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        16⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:4392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        18⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:3528
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        19⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3140
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:1008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        22⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:788
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        23⤵
        
        PID:248
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        24⤵
        Executes dropped EXE
        
        PID:1348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        25⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        26⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        27⤵
        Executes dropped EXE
        
        PID:4664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        28⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4848
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        29⤵
        Drops file in System32 directory
        
        PID:1980
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        30⤵
        Executes dropped EXE
        
        PID:3760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        31⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        32⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        33⤵
        Executes dropped EXE
        
        PID:2968
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        34⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3216
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        35⤵
        Drops file in System32 directory
        
        PID:1488
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        36⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:1108
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        37⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4832
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        38⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        39⤵
        Executes dropped EXE
        
        PID:1312
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        40⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1460
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        41⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        42⤵
        Executes dropped EXE
        
        PID:844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        43⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        44⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        45⤵
        Executes dropped EXE
        
        PID:2468
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        46⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3908
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        47⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        48⤵
        Executes dropped EXE
        
        PID:4936
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        49⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3056
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        50⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        51⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        52⤵
        
        PID:3720
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        53⤵
        Drops file in System32 directory
        
        PID:4908

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
- Executes dropped EXE
PID:4744
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  PID:4588
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    PID:1020
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      Executes dropped EXE
      PID:5096
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1092
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe /part2
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        8⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        9⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2800
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        11⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        12⤵
        Executes dropped EXE
        
        PID:3860
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        13⤵
        
        PID:5012
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        14⤵
        
        PID:920
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        15⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4348
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        16⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        17⤵
        Executes dropped EXE
        
        PID:3316
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        18⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        19⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        20⤵
        Executes dropped EXE
        
        PID:2612
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        21⤵
        
        PID:852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        22⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        23⤵
        Executes dropped EXE
        
        PID:4144
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        24⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2432
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        25⤵
        Executes dropped EXE
        
        PID:636
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        26⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        27⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4604
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        28⤵
        Executes dropped EXE
        
        PID:4308
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        29⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3048
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        30⤵
        Executes dropped EXE
        
        PID:3484
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        31⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        32⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:984
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        33⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        34⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        35⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2108
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        36⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        37⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        38⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1860
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        39⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        40⤵
        
        PID:988
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        41⤵
        
        PID:448
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        42⤵
        
        PID:224
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        43⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        44⤵
        
        PID:2920
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        45⤵
        
        PID:364
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        46⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        47⤵
        
        PID:2024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        48⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        49⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        50⤵
        
        PID:1208
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        51⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        52⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        53⤵
        
        PID:4960
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        54⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        55⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        56⤵
        
        PID:788
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        57⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        58⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        59⤵
        
        PID:3520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        60⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        61⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        62⤵
        
        PID:4260
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        63⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        64⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        65⤵
        
        PID:4848
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        66⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        67⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        68⤵
        
        PID:3188
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        69⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        70⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        71⤵
        
        PID:4668
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        72⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        73⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        74⤵
        
        PID:4084
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        75⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        76⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        77⤵
        
        PID:4832
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        78⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        79⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        80⤵
        
        PID:644
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        81⤵
        Drops file in System32 directory
        
        PID:2104
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        82⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        83⤵
        
        PID:3888
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        84⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        85⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        86⤵
        
        PID:2164
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        87⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        88⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        89⤵
        
        PID:392
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        90⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        91⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        92⤵
        
        PID:3540
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        93⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        94⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3720
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        95⤵
        
        PID:4884
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        96⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        97⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4588
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        98⤵
        
        PID:4944
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        99⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        100⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        101⤵
        Drops file in Program Files directory
        
        PID:2180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        102⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        103⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        104⤵
        
        PID:2092
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        105⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        106⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        107⤵
        Executes dropped EXE
        
        PID:2428
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        108⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        109⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        110⤵
        
        PID:3856
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        111⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5012
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        112⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        113⤵
        
        PID:3148
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        114⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        115⤵
        Drops file in Program Files directory
        
        PID:3692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        116⤵
        
        PID:3364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        117⤵
        Drops file in System32 directory
        
        PID:3480
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        118⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        119⤵
        
        PID:2668
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        120⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        121⤵
        Deletes itself
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:852
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        122⤵
        
        PID:548
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        123⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        124⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        125⤵
        
        PID:212
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        126⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2712
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        127⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        128⤵
        
        PID:3012
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        129⤵
        Executes dropped EXE
        
        PID:4200
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        130⤵
        Drops file in Program Files directory
        
        PID:4888
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        131⤵
        
        PID:1484
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        132⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        133⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        134⤵
        
        PID:1932
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        135⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        136⤵
        Executes dropped EXE
        
        PID:4836
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        137⤵
        
        PID:1352
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        138⤵
        Executes dropped EXE
        
        PID:3744
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        139⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        140⤵
        
        PID:3432
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        141⤵
        Executes dropped EXE
        
        PID:4760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        142⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        143⤵
        
        PID:4548
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        144⤵
        Drops file in System32 directory
        
        PID:3264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        145⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:448
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        146⤵
        
        PID:1828
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        147⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        148⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        149⤵
        
        PID:3232
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        150⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        151⤵
        
        PID:364
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        152⤵
        
        PID:4860
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        153⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        154⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        155⤵
        
        PID:4456
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        156⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        157⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        158⤵
        
        PID:788
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        159⤵
        
        PID:248
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        160⤵
        
        PID:560
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        161⤵
        
        PID:3996
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        162⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        163⤵
        
        PID:216
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        164⤵
        
        PID:2100
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        165⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        166⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        167⤵
        
        PID:1284
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        168⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        169⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        170⤵
        
        PID:3188
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        171⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        172⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        173⤵
        
        PID:1396
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        174⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        175⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        176⤵
        
        PID:236
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        177⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        178⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        179⤵
        
        PID:1488
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        180⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        181⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        182⤵
        
        PID:5004
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        183⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        184⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        185⤵
        
        PID:3816
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        186⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        187⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        188⤵
        
        PID:2232
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        189⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        190⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        191⤵
        
        PID:1416
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        192⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        193⤵
        Drops file in Program Files directory
        
        PID:1420
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        194⤵
        
        PID:5068
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        195⤵
        Drops file in System32 directory
        
        PID:3540
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        196⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        197⤵
        
        PID:1832
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        198⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        199⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        200⤵
        
        PID:5096
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        201⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        202⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        203⤵
        
        PID:1944
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        204⤵
        
        PID:3040

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
PID:2928
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  PID:1720
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    - Drops file in System32 directory
    PID:3428
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      PID:4304
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        
        PID:2852
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        7⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        8⤵
        
        PID:4360
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        9⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        10⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        11⤵
        
        PID:2964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        12⤵
        
        PID:924
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        13⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        14⤵
        
        PID:4800
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        15⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        16⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        17⤵
        
        PID:5012
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        18⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        19⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        20⤵
        
        PID:3364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        21⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        22⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        23⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        24⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        25⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        26⤵
        
        PID:564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        27⤵
        
        PID:548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        28⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        29⤵
        
        PID:4376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        30⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        31⤵
        Drops file in Program Files directory
        
        PID:3876
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        32⤵
        
        PID:4552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        33⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        34⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        35⤵
        
        PID:1484
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        36⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        37⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        38⤵
        
        PID:984
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        39⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        40⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        41⤵
        
        PID:2644
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        42⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        43⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        44⤵
        
        PID:824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        45⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        46⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        47⤵
        
        PID:4760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        48⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        49⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        50⤵
        
        PID:4896
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        51⤵
        
        PID:448
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        52⤵
        Drops file in Program Files directory
        
        PID:4952
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        53⤵
        
        PID:2024
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        54⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        55⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        56⤵
        
        PID:1208
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        57⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        58⤵
        
        PID:636
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        59⤵
        
        PID:4472
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        60⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        61⤵
        
        PID:728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        62⤵
        
        PID:5072
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        63⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        64⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        65⤵
        
        PID:220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        66⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        67⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        68⤵
        Drops file in Program Files directory
        
        PID:1636
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        69⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        70⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        71⤵
        
        PID:3864
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        72⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        73⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        74⤵
        
        PID:4680
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        75⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        76⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        77⤵
        
        PID:4996
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        78⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        79⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        80⤵
        
        PID:1532
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        81⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        82⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        83⤵
        
        PID:1968
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        84⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        85⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        86⤵
        
        PID:2552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        87⤵
        
        PID:644
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        88⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        89⤵
        
        PID:3908
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        90⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        91⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        92⤵
        
        PID:1908
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        93⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        94⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        95⤵
        
        PID:2044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        96⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        97⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        98⤵
        
        PID:4992
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        99⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        100⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        101⤵
        
        PID:1648
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        102⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        103⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        104⤵
        
        PID:1544
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        105⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        106⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        107⤵
        
        PID:2180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        108⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        109⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        110⤵
        
        PID:4980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        111⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        112⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        113⤵
        
        PID:3664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        114⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        115⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        116⤵
        
        PID:3856
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        117⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        118⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        119⤵
        
        PID:3376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        120⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        121⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        122⤵
        
        PID:920
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        123⤵
        
        PID:924
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        124⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        125⤵
        
        PID:4228
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        126⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        127⤵
        Drops file in Program Files directory
        
        PID:2208
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        128⤵
        
        PID:4520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        129⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        130⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        131⤵
        
        PID:3364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        132⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        133⤵
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        134⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        135⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        136⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        137⤵
        
        PID:564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        138⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        139⤵
        
        PID:548
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        140⤵
        
        PID:4376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        141⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        142⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        143⤵
        
        PID:1548
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        144⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        145⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        146⤵
        
        PID:4752
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        147⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        148⤵
        
        PID:984
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        149⤵
        
        PID:4836
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        150⤵
        
        PID:692
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        151⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        152⤵
        
        PID:212
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        153⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        154⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        155⤵
        
        PID:1336
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        156⤵
        
        PID:988
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        157⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        158⤵
        
        PID:3264
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        159⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        160⤵
        Drops file in System32 directory
        
        PID:4420
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        161⤵
        
        PID:3620
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        162⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        163⤵
        
        PID:448
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        164⤵
        
        PID:1668
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        165⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        166⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        167⤵
        
        PID:4316
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        168⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        169⤵
        
        PID:636
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        170⤵
        
        PID:4516
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        171⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        172⤵
        
        PID:728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        173⤵
        
        PID:4412
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        174⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        175⤵
        
        PID:248
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        176⤵
        
        PID:3880
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        177⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        178⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        179⤵
        Drops file in Program Files directory
        
        PID:2380
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        180⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        181⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        182⤵
        
        PID:4368
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        183⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        184⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        185⤵
        
        PID:4088
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        186⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        187⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        188⤵
        
        PID:4424
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        189⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        190⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        191⤵
        
        PID:384
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        192⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        193⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        194⤵
        
        PID:1576
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        195⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        196⤵
        
        PID:844
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        197⤵
        
        PID:1140
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        198⤵
        
        PID:888
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        199⤵
        
        PID:644
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        200⤵
        
        PID:3220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        201⤵
        Drops file in System32 directory
        
        PID:2072
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        202⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        203⤵
        
        PID:3436
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        204⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        205⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        206⤵
        Drops file in Program Files directory
        
        PID:4908
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        207⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        208⤵
        
        PID:412
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        209⤵
        
        PID:4180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        210⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        211⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        212⤵
        
        PID:1648
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        213⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        214⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        215⤵
        
        PID:4588
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        216⤵
        Drops file in System32 directory
        
        PID:1892
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        217⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        218⤵
        
        PID:2180
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        219⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        220⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        221⤵
        
        PID:4980
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        222⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        223⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        224⤵
        
        PID:3664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        225⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        226⤵
        Drops file in Program Files directory
        
        PID:4828
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        227⤵
        
        PID:3860
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        228⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        229⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        230⤵
        
        PID:1660
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        231⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        232⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        233⤵
        
        PID:424
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        234⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        235⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        236⤵
        
        PID:1584
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        237⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        238⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        239⤵
        
        PID:2612
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        240⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        241⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        242⤵
        
        PID:3360
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        243⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        244⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        245⤵
        
        PID:4144
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        246⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        247⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        248⤵
        
        PID:1716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        249⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        250⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        251⤵
        
        PID:780
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        252⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        253⤵
        Drops file in Program Files directory
        
        PID:1328
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        254⤵
        
        PID:5076
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        255⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        256⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        257⤵
        
        PID:4616
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        258⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        259⤵
        Drops file in System32 directory
        
        PID:2616
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        260⤵
        
        PID:1392
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        261⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        262⤵
        
        PID:692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        263⤵
        
        PID:4640
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        264⤵
        
        PID:956
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        265⤵
        Drops file in Program Files directory
        
        PID:1336
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        266⤵
        
        PID:1884
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        267⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        268⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        269⤵
        
        PID:3620
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        270⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        271⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        272⤵
        
        PID:4316
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        273⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        274⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        275⤵
        
        PID:560
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        276⤵
        
        PID:216
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        277⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        278⤵
        
        PID:3880
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        279⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        280⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        281⤵
        
        PID:2304
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        282⤵
        
        PID:952
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        283⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        284⤵
        
        PID:4856
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        285⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        286⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        287⤵
        
        PID:4584
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        288⤵
        
        PID:400
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        289⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        290⤵
        
        PID:1044
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        291⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        292⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        293⤵
        
        PID:4792
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        294⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        295⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        296⤵
        
        PID:208
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        297⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        298⤵
        
        PID:844
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        299⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        300⤵
        
        PID:644
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        301⤵
        
        PID:1280
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        302⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        303⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        304⤵
        
        PID:1780
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        305⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        306⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        307⤵
        
        PID:4884
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        308⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        309⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        310⤵
        
        PID:2308
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        311⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        312⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        313⤵
        
        PID:2240
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        314⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        315⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        316⤵
        
        PID:3392
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        317⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        318⤵
        
        PID:4396
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        319⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        320⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        321⤵
        
        PID:2852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        322⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        323⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        324⤵
        
        PID:2536
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        325⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        326⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        327⤵
        
        PID:480
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        328⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        329⤵
        
        PID:3776
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        330⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        331⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        332⤵
        
        PID:2556
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        333⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        334⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        335⤵
        
        PID:2900
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        336⤵
        Drops file in System32 directory
        
        PID:4840
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        337⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        338⤵
        
        PID:3316
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        339⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        340⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        341⤵
        
        PID:852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        342⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        343⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        344⤵
        
        PID:4312
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        345⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        346⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        347⤵
        
        PID:3876
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        348⤵
        
        PID:548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        349⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        350⤵
        
        PID:4552
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        351⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        352⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        353⤵
        
        PID:1508
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        354⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        355⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        356⤵
        
        PID:1628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        357⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        358⤵
        Drops file in Program Files directory
        
        PID:3836
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        359⤵
        
        PID:2884
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        360⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        361⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        362⤵
        
        PID:688
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        363⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        364⤵
        
        PID:692
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        365⤵
        Drops file in Program Files directory
        
        PID:3424
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        366⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        367⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        368⤵
        
        PID:4548
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        369⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        370⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        371⤵
        
        PID:1668
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        372⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        373⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        374⤵
        
        PID:4316
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        375⤵
        Drops file in System32 directory
        
        PID:4608
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        376⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        377⤵
        
        PID:3032
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        378⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        379⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        380⤵
        
        PID:3864
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        381⤵
        Drops file in System32 directory
        
        PID:2228
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        382⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        383⤵
        
        PID:4680
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        384⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        385⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        386⤵
        
        PID:4088
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        387⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        388⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        389⤵
        
        PID:3964
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        390⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        391⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        392⤵
        
        PID:3888
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        393⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        394⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        395⤵
        
        PID:708
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        396⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        397⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        398⤵
        
        PID:1800
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        399⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        400⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        401⤵
        
        PID:2276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        402⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        403⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        404⤵
        
        PID:4128
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        405⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        406⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        407⤵
        
        PID:3348
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        408⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        409⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        410⤵
        
        PID:2972
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        411⤵
        Drops file in System32 directory
        
        PID:1648
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        412⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        413⤵
        
        PID:468
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        414⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        415⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        416⤵
        
        PID:4492
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        417⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        418⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        419⤵
        
        PID:4032
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        420⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        421⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        422⤵
        
        PID:4988
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        423⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        424⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        425⤵
        
        PID:4600
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        426⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        427⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        428⤵
        
        PID:1040
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        429⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        430⤵
        
        PID:712
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        431⤵
        
        PID:364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        432⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        433⤵
        
        PID:920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        434⤵
        
        PID:4212
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        435⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        436⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        437⤵
        
        PID:2208
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        438⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        439⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        440⤵
        
        PID:4300
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        441⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        442⤵
        
        PID:332
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        443⤵
        
        PID:2660
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        444⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        445⤵
        
        PID:564
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        446⤵
        
        PID:3440
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        447⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        448⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        449⤵
        
        PID:4344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        450⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        451⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        452⤵
        
        PID:4376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        453⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        454⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        455⤵
        
        PID:4956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        456⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        457⤵
        Drops file in Program Files directory
        
        PID:5076
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        458⤵
        Drops file in Program Files directory
        
        PID:4752
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        459⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        460⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        461⤵
        
        PID:824
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        462⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        463⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        464⤵
        
        PID:4852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        465⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        466⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        467⤵
        
        PID:4896
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        468⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        469⤵
        
        PID:688
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        470⤵
        
        PID:4060
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        471⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        472⤵
        
        PID:956
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        473⤵
        
        PID:692
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        474⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        475⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        476⤵
        
        PID:1524
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        477⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        478⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        479⤵
        
        PID:1600
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        480⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        481⤵
        
        PID:248
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        482⤵
        
        PID:4544
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        483⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        484⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        485⤵
        
        PID:560
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        486⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        487⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        488⤵
        
        PID:4900
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        489⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        490⤵
        
        PID:952
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        491⤵
        
        PID:1532
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        492⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        493⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        494⤵
        
        PID:4084
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        495⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        496⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        497⤵
        
        PID:1968
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        498⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        499⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        500⤵
        
        PID:2104
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        501⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        502⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        503⤵
        
        PID:3908
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        504⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        505⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        506⤵
        
        PID:1160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        507⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        508⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        509⤵
        
        PID:3160
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        510⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        511⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        512⤵
        Drops file in Program Files directory
        
        PID:1092
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        513⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        514⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        515⤵
        
        PID:1832
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        516⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        517⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        518⤵
        
        PID:2604
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        519⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        520⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        521⤵
        
        PID:1664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        522⤵
        Drops file in System32 directory
        
        PID:1944
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        523⤵
        Drops file in Program Files directory
        
        PID:4768
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        524⤵
        
        PID:3428
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        525⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        526⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        527⤵
        
        PID:2852
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        528⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        529⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        530⤵
        
        PID:5016
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        531⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        532⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        533⤵
        
        PID:2576
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        534⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        535⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        536⤵
        
        PID:712
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        537⤵
        
        PID:924
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        538⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        539⤵
        
        PID:3776
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        540⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        541⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        542⤵
        
        PID:4520
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        543⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        544⤵
        
        PID:3364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        545⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        546⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        547⤵
        
        PID:332
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        548⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        549⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        550⤵
        
        PID:2432
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        551⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        552⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        553⤵
        
        PID:4144
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        554⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        555⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        556⤵
        Drops file in Program Files directory
        
        PID:2564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        557⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        558⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        559⤵
        
        PID:4956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        560⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        561⤵
        
        PID:2256
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        562⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        563⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        564⤵
        
        PID:2716
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        565⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        566⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        567⤵
        
        PID:3276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        568⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        569⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        570⤵
        
        PID:5048
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        571⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        572⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        573⤵
        
        PID:1336
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        574⤵
        Drops file in System32 directory
        
        PID:1828
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        575⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        576⤵
        Drops file in Program Files directory
        
        PID:3264
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        577⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        578⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        579⤵
        
        PID:4664
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        580⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        581⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        582⤵
        
        PID:4412
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        583⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        584⤵
        
        PID:216
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        585⤵
        
        PID:220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        586⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        587⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        588⤵
        
        PID:4316
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        589⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        590⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        591⤵
        
        PID:3760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        592⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        593⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        594⤵
        
        PID:1516
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        595⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        596⤵
        
        PID:384
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        597⤵
        
        PID:4424
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        598⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        599⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        600⤵
        
        PID:1968
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        601⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        602⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        603⤵
        
        PID:4172
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        604⤵
        Drops file in Program Files directory
        
        PID:4708
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        605⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        606⤵
        
        PID:844
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        607⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        608⤵
        
        PID:392
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        609⤵
        
        PID:2276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        610⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        611⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        612⤵
        
        PID:2648
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        613⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        614⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        615⤵
        
        PID:4488
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        616⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        617⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        618⤵
        
        PID:3444
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        619⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        620⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        621⤵
        
        PID:1544
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        622⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        623⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        624⤵
        
        PID:3628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        625⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        626⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        627⤵
        
        PID:2760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        628⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        629⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        630⤵
        
        PID:4828
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        631⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        632⤵
        
        PID:988
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        633⤵
        
        PID:3972
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        634⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\LiveMessageCenter.exe
        
        C:\Windows\system32\LiveMessageCenter.exe
        635⤵
        
        PID:4384
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        636⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        637⤵
        
        PID:920
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        638⤵
        
        PID:4348
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        639⤵
        
        PID:924
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        640⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        641⤵
        
        PID:4840
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        642⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        643⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        644⤵
        
        PID:2612
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        645⤵
        Drops file in System32 directory
        
        PID:4192
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        646⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        647⤵
        
        PID:2252
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        648⤵
        
        PID:852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        649⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        650⤵
        
        PID:4888
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        651⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        652⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        653⤵
        
        PID:4344
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        654⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        655⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        656⤵
        
        PID:1956
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        657⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        658⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        659⤵
        
        PID:2712
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        660⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        661⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        662⤵
        
        PID:2896
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        663⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        664⤵
        Drops file in System32 directory
        
        PID:3672
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        665⤵
        
        PID:2016
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        666⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        667⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        668⤵
        
        PID:3276
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        669⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        670⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        671⤵
        
        PID:2924
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        672⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        673⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        674⤵
        
        PID:692
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        675⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        676⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        677⤵
        
        PID:2776
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        678⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        679⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        680⤵
        
        PID:1512
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        681⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        682⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        683⤵
        
        PID:4608
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        684⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        685⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        686⤵
        
        PID:220
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        687⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        688⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        689⤵
        
        PID:2508
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        690⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        691⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        692⤵
        
        PID:3760
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        693⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        694⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        695⤵
        
        PID:1516
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        696⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        697⤵
        Drops file in Program Files directory
        
        PID:4584
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        698⤵
        
        PID:4912
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        699⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        700⤵
        Drops file in Program Files directory
        
        PID:2104
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        701⤵
        
        PID:3816
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        702⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        703⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        704⤵
        
        PID:1460
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        705⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        706⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        707⤵
        
        PID:644
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        708⤵
        Drops file in System32 directory
        
        PID:2072
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        709⤵
        
        PID:412
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        710⤵
        
        PID:3056
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        711⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        712⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        713⤵
        
        PID:2184
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        714⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        715⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        716⤵
        
        PID:4868
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        717⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        718⤵
        
        PID:468
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        719⤵
        
        PID:3540
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        720⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        721⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        722⤵
        Drops file in Program Files directory
        
        PID:2928
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        723⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        724⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        725⤵
        
        PID:3628
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        726⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        727⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        728⤵
        
        PID:3428
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        729⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        730⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        731⤵
        
        PID:4948
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        732⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        733⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        734⤵
        
        PID:2940
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        735⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        649⤵
        Drops file in Program Files directory
        
        PID:2404
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        643⤵
        
        PID:564
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        644⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        645⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        646⤵
        
        PID:2944
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        647⤵
        
        PID:852
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        555⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        556⤵
        
        PID:4376
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        557⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        558⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        559⤵
        
        PID:1508
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        560⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        247⤵
        
        PID:4144
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        248⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        150⤵
        Drops file in System32 directory
        
        PID:1568
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        151⤵
        
        PID:2364
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        152⤵
        
        PID:2408

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:2724

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:4180

C:\Windows\SysWOW64\casino_extensions.exe
C:\Windows\system32\casino_extensions.exe
1⤵
PID:1396
- C:\Windows\SysWOW64\Casino_ext.exe
  C:\Windows\SysWOW64\Casino_ext.exe
  2⤵
  PID:2900
- - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
    "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
    3⤵
    PID:1584
  - - C:\Windows\SysWOW64\casino_extensions.exe
      C:\Windows\system32\casino_extensions.exe
      4⤵
      PID:920
    - - C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        5⤵
        
        PID:3148
      - C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        6⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        7⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        8⤵
        
        PID:1976
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        9⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        10⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\Casino_ext.exe
        
        C:\Windows\SysWOW64\Casino_ext.exe
        11⤵
        
        PID:3360
        
        C:\Program Files (x86)\Internet Explorer\casino_extensions.exe
        
        "C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"
        12⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\casino_extensions.exe
        
        C:\Windows\system32\casino_extensions.exe
        13⤵
        
        PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\Casino_ext.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
345KB

MD5
cab5088c186e1719564c992b0caed6f5

SHA1
881100f52e43cbe81d51df85fdab77faccaf1e43

SHA256
996799be30dad97781a915aef67642810088feffa8608d7a5a439e492b0813ca

SHA512
2de4f3499041e650eebaff32036dde8a4143a5136359bacf727f0633b9385b82a7a674a72b220173517993132a0f2fbba9bd32041ecb588fc87846523d8826d1

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
345KB

MD5
cab5088c186e1719564c992b0caed6f5

SHA1
881100f52e43cbe81d51df85fdab77faccaf1e43

SHA256
996799be30dad97781a915aef67642810088feffa8608d7a5a439e492b0813ca

SHA512
2de4f3499041e650eebaff32036dde8a4143a5136359bacf727f0633b9385b82a7a674a72b220173517993132a0f2fbba9bd32041ecb588fc87846523d8826d1

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
345KB

MD5
cab5088c186e1719564c992b0caed6f5

SHA1
881100f52e43cbe81d51df85fdab77faccaf1e43

SHA256
996799be30dad97781a915aef67642810088feffa8608d7a5a439e492b0813ca

SHA512
2de4f3499041e650eebaff32036dde8a4143a5136359bacf727f0633b9385b82a7a674a72b220173517993132a0f2fbba9bd32041ecb588fc87846523d8826d1

Download Submit
C:\Windows\SysWOW64\LiveMessageCenter.exe

Filesize
345KB

MD5
cab5088c186e1719564c992b0caed6f5

SHA1
881100f52e43cbe81d51df85fdab77faccaf1e43

SHA256
996799be30dad97781a915aef67642810088feffa8608d7a5a439e492b0813ca

SHA512
2de4f3499041e650eebaff32036dde8a4143a5136359bacf727f0633b9385b82a7a674a72b220173517993132a0f2fbba9bd32041ecb588fc87846523d8826d1

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
351KB

MD5
b431428f3660daeede9e1652afaf11b3

SHA1
aa1f2e3fecfa008c072786dee8de223e6e70c368

SHA256
f6598c35b85996cce23c19741488c9bcc9062babfc0a1795b3d6b14fedfacdaf

SHA512
e87d09a73890e9314a2b8b23e8b92887178658a627d2cf3d946d99a4a1054eb4f1dd7f7510fddc7620599e90e3700005d04ade7da7b02c60fe9923321b9e2b53

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
363KB

MD5
cb8992a53beb3ce5aab22024be92e931

SHA1
6fbc7d0f1b269bdb4021aeac367b22527be7ac53

SHA256
5afc60f421655897fab6b785745dde23486ef5cda3fca4668ef90b6d14e47eb7

SHA512
dcb61597b0be4dda6c0aefd74ea6548fc010daf6590aeb36637546dd2ab75e1efbc527535833d15d9ea71f3958fb2ca179668736f521cf7702263ddb8ea7eb45

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
363KB

MD5
cb8992a53beb3ce5aab22024be92e931

SHA1
6fbc7d0f1b269bdb4021aeac367b22527be7ac53

SHA256
5afc60f421655897fab6b785745dde23486ef5cda3fca4668ef90b6d14e47eb7

SHA512
dcb61597b0be4dda6c0aefd74ea6548fc010daf6590aeb36637546dd2ab75e1efbc527535833d15d9ea71f3958fb2ca179668736f521cf7702263ddb8ea7eb45

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
363KB

MD5
cb8992a53beb3ce5aab22024be92e931

SHA1
6fbc7d0f1b269bdb4021aeac367b22527be7ac53

SHA256
5afc60f421655897fab6b785745dde23486ef5cda3fca4668ef90b6d14e47eb7

SHA512
dcb61597b0be4dda6c0aefd74ea6548fc010daf6590aeb36637546dd2ab75e1efbc527535833d15d9ea71f3958fb2ca179668736f521cf7702263ddb8ea7eb45

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
C:\Windows\SysWOW64\casino_extensions.exe

Filesize
356KB

MD5
d75307b57e66843bee0c36635140f68a

SHA1
bf77fb6c37fb5fdad67e4d1aaa0623cf38376904

SHA256
f9cf5a2659a9d4cba9ae628cc60c6b3faca09f3ceaf284aefecbbf7bc974d279

SHA512
d420ad15d854c5a167bb74d7c3453eabd02393c8c2391368b8a2536f7fd7b97c7b1e525c6b8d068d8e66dc4e2ca927d376b7865ef28c9dab23bb8c672d848227

Download Submit
memory/852-66-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download